ABSTRACT

When transferring data, an electronic document or the like from a first computer system (100) to a second computer system (200) via a data transmission line (300), e.g. a public data transmission line, a first output and input station (122) comprising a first electronic card (124) and a second output and input station (222) comprising a second electronic card (224) are used. The data is transferred to the first electronic card (124) from the first computer system (100) via the first station (122) and is encrypted in the first electronic card (124), whereupon the data is output from the first electronic card (124) in encrypted form and transferred via the first station (122) to the first computer system (100) and therefrom to the data transmission line (300). The data is received by the other computer system (200) in encrypted form and is transferred to the second electronic card (224) via the second station (222), whereupon the data is decrypted in the second electronic card (224) and is output from the second electronic card via the second station (222) to the second computer system (200). As the data transfer between the first and the second computer system is carried out between the first and the second electronic card, no third party, whether authorized or unauthorized, has any possibility of interfering with the data transmission and possibly changing the data or the electronic document. The first and second electronic card (124, 224) constitute a coherent set of cards comprising coherent encryption/decryption keys input into the internal storages of the cards.

33 Claims, 4 Drawing Sheets
METHOD OF TRANSFERRING DATA, BETWEEN COMPUTER SYSTEMS USING ELECTRONIC CARDS

The present invention relates to a method of transferring data, an electronic document or the like from a first computer system to a second computer system via a data transmission line, e.g. a public data transmission line.

Several techniques and standards are known for transferring data, electronic documents or the like from a first computer system to a second computer system via different data transmission lines such as high speed data transmission lines, public data transmission lines, etc. If the data transmission line itself is not secured against a person being able to tap the data transferred via the data transmission line or the electronic document transferred via the data transmission line, it is a conventional technique to provide an encryption of the data or the electronic document in accordance with encryption/decryption techniques well-known per se, which techniques may comprise either symmetrical or asymmetrical encryption algorithms, secret or public keys. In this context reference is only to be made to the well-known DES algorithm (Data Encryption Standard), developed by IBM in cooperation with the National Bureau of Standards (NBS), USA. As an example of a data/document exchange protocol mention is here to be made of the data/document exchange protocol LECAM, developed by FRANCE TELECOM in connection with the Minitel computers used widely in France, in accordance with which the data/document transfer may take place in encrypted and not encrypted form (further specifications of the protocol are given in ST.U.CA.M-Specification Techniques d'Utilisation du LECAM, ©Decembre 1987, FRANCE TELECOM, Teletel). Such an encrypted data transmission presupposes, however, that the transmitter and the receiver can agree to establishing a mutual set of encryption/decryption keys, as the parties involved, transmitter and receiver, invariably have to reveal details concerning security levels, etc. Such an agreement requires, however, that both transmitter and receiver fully trust the other party. Even if the two parties, who are to make a transfer of data or a transfer of one electronic document from a first computer system to a second computer system, can agree to such an exchange of encryption/decryption keys for use in connection with an encryption/decryption algorithm agreed upon, not even such an encrypted data transmission ensures that the data sent from the first computer system or the electronic document sent from the first computer system is received correctly by the second computer system, as it will be possible to manipulate the data or the electronic document in connection with the execution of the encryption algorithm in the first computer system, just as the receiver after decryption can manipulate the data or the electronic document. Such an encrypted data transmission does not in itself ensure that the transfer taking place is the intended or desired transfer of the data or the electronic document, that the data received by the second computer system or the electronic document received by the second computer system, in the form in which the data or the electronic document exists in the second computer system after transfer, is identical to the data sent from the first computer system or the electronic document sent from the first computer system. Such an encrypted data transmission via a public or private data transmission line does neither in itself ensure that the two computer systems communicating with each other are the correct, intended parties of communication.

The object of the present invention is to provide a method of the type defined above, according to which method it is possible to establish immediately a secure data or document transfer between two computer systems without having to exchange encryption/decryption keys between the computer systems, reveal details concerning security levels, etc., and according to which method it is ensured that the desired data or document transfer takes place and that it will not be possible for either of the parties or for a third party to interfere with the data or document transfer.

The object of the present invention is thus more explicitly to provide techniques ensuring that at the transfer of data or an electronic document from one first computer system to a second computer system via a data transmission line, e.g. a public data transmission line, it is ensured that the data received by the second computer system or the electronic document received by the second computer system is identical to the data sent from the first computer system or the electronic document sent from the first computer system and vice versa.

This object is obtained in accordance with the invention by means of a method of the type defined above, which method in accordance with a first aspect of the invention is characterized in that

for said transfer

a first station is used for outputting data from and inputting data into a first electronic card, said first station being connected to and communicating with said first computer system and furthermore being connected to said data transmission line via said first computer system and interfacing means,

a second station is used for outputting data from and inputting data into a second electronic card, said second station being connected to and communicating with said second computer system and furthermore being connected to said data transmission line via this second computer system and interfacing means,

said first and second electronic card each comprising a central data processing unit, an internal storage means, an input/output gate for communication with said corresponding station as well as an encryption/decryption means and together constituting a coherent set of cards comprising coherent encryption and decryption keys input into said internal storages of said cards,

said data or said electronic document being transferred to said first electronic card from said first computer system via said first station and said input/output gate of said first electronic card, being input into and being temporarily stored in said internal storage of said first electronic card,

said data or said electronic document being output from said internal storage of said first electronic card and being encrypted in said first electronic card by means of said encryption/decryption means of said first electronic card and said encryption key(s) stored in said internal storage of said first electronic card,
said data or said electronic document being output from said first electronic card in encrypted form via said input/output gate of said first electronic card and being transferred via said first station to said first computer system and being transferred therefrom via said interfacing means of said first computer system to said data transmission line,

said data or said electronic document being received by said second computer system in encrypted form via said interfacing means of said second computer system, being transferred to said second electronic card via said second station and via said input/output gate of said second electronic card, being input into and temporarily stored in said internal storage of said second electronic card,

said data or said electronic document being output from said internal storage of said first electronic card in encrypted form and being decrypted in said second electronic card by means of said encryption/decryption means of said second electronic card and said decryption key(s) stored in said internal storage of said second electronic card, and

said data or said electronic document being output after decryption in said second electronic card from said second electronic card and output to said second computer system via said input/output gate of said second electronic card and via said second station.

In accordance with the first aspect of the invention, the data or document transfer from the first computer system to the second computer system is established by means of two coherent electronic cards, which by themselves ensure the necessary data transmission security during data transmission in encrypted form, as the use of two coherent electronic cards at the same time relative to both transmitter and receiver guarantees that the data output from the second electronic card or the electronic document output from the second electronic card is identical to the data input into the first electronic card or the electronic document input into the first electronic card.

As the data transfer between the first and the second computer system is carried out between the first and the second electronic card, no third parties with or without authorization are able to interfere with the data transmission and change the data or the electronic document. As will be clear, this data or document transfer in accordance with the teaching of the invention is possible without having to make any other modification in the connection between the first and the second computer system than the supplementing (which is characteristic to the invention) of both the first and the second computer system with associated input and output stations, which are used for input and output of data in the respective electronic cards belonging to the coherent set of cards. Such a coherent set of cards can be issued immediately, hired out or sold by a neutral and outside card issuer, who thus, without either transmitter or receiver having to provide information about data transmission secrets such as encryption algorithms, security levels, etc., can enable the transmitter and the receiver to transfer data or electronic documents between the corresponding computer systems without any risk that the data received by the receiver or the electronic document received by the receiver is not identical to the data sent by the transmitter or the electronic document sent by the transmitter.

In accordance with the present invention it is furthermore possible to ensure that the transfer takes place between computer systems, the authenticity of which is verified relative to one another, as a verification of the authenticity of the first electronic card relative to the second electronic card and vice versa is preferably made prior to the transfer of the data or the electronic document from the first computer system to the second computer system.

In accordance with the method according to the invention it is furthermore possible to verify that the data or document transfer is correct, i.e. to verify that the data received by the receiver or the second computer system or the electronic document received by the receiver or the second computer system is identical to the data sent from the first computer system or the electronic document sent from the first computer system, as in accordance with the invention a verification of the integrity of the data or document transfer is preferably made at the transfer of the data or the electronic document from the first computer system to the second computer system.

The utilization of a coherent set of electronic cards, which is characteristic of the invention and via which the data and document transfer takes place, makes it possible for the data or document transfer to proceed completely autonomously without any possibility of interference or corruption from either the computer systems involved or persons, including operators, who with or without authorization try to change the data or the electronic document being transferred, as in accordance with the method of the invention the inputting into, the outputting from, the encryption and the decryption and possibly the authenticity and integrity verification are preferably controlled autonomously by the central data processing unit of the individual card.

In accordance with a special aspect of the present invention, the actual transfer of the data or the electronic document between the first and the second computer system is preferably made in accordance with the above-mentioned LECAM protocol either in encrypted or decrypted form.

According to a first embodiment of the above described authenticity verification it is preferred that

a first set of data being generated in said first electronic card, said set of data being input into and stored in said internal storage of said first electronic card and being encrypted in said first electronic card by means of said encryption/decryption means of said first electronic card and said encryption key(s) stored in said internal storage of said first electronic card,

said first set of data being output from said first electronic card in encrypted form via said input/output gate of said first electronic card, being transferred via said first station to said first computer system and being transferred therefrom via said interfacing means of said first computer system to said data transmission line,

said first set of data being received by said second computer system in encrypted form via said interfacing means of said second computer system, being transferred to said second electronic card via said second station and via said input/output gate of said second electronic card, being input into and temporarily stored in said internal storage of said second electronic card,

said first set of data received by said second computer system in encrypted form being output from said internal storage of said second electronic card and being decrypted in said second electronic card by
means of said encryption/decryption means of said second electronic card and said decryption key(s) stored in said internal storage of said second electronic card,

said first set of data received by said second computer system in encrypted form and decrypted in said second electronic card being input into and stored in said internal storage of said second electronic card,

a second set of data being generated in said second electronic card, said second set of data being input into and stored in said internal storage of said second electronic card,

a first combination of said first set of data received by said second computer system in encrypted form, decrypted and stored in said internal storage of said second electronic card and said second set of data stored in said internal storage of said second electronic card being generated in said second electronic card, said first combination being input into and stored in said internal storage of said second electronic card,

said first combination being encrypted in said second electronic card by means of said encryption/decryption means of said second electronic card and said encryption key(s) stored in said internal storage of said second electronic card,

said first combination being output from said second electronic card in encrypted form via said input/output gate of said second electronic card, being transferred via said second station to said second computer system and being transferred therefrom via said interfacing means of said second computer system to said data transmission line,

said first combination being received by said first computer system in encrypted form via said interfacing means of said first computer system, being transferred to said first electronic card via said first station and via said input/output gate of said first electronic card, being input into and temporarily stored in said internal storage of said first electronic card,

said first combination received by said first computer system in encrypted form being output from said internal storage of said first electronic card and being decrypted in said first electronic card by means of encryption/decryption means of said first electronic card and said decryption key(s) stored in said internal storage of said first electronic card,

said first combination received by said first computer system in encrypted form and decrypted in said first electronic card being input into and stored in said internal storage of said first electronic card,

said first combination stored in said internal storage of said first electronic card being decombined for producing a first set of data retransmitted to said first electronic card and a second set of data transferred to said first electronic card,

said first set of data retransmitted to said first electronic card and said second set of data transferred to said first electronic card being input into and stored in said internal storage of said first electronic card,

said first set of data stored in said internal storage of said first electronic card being compared to said first set of data retransmitted to said first electronic card and stored in said internal storage of said first electronic card for verification of identity between these sets of data for verification of the authenticity of said second electronic card relative to said first electronic card,



a third set of data being generated in said first electronic card, said third set of data being input into and stored in said internal storage of said first electronic card,

a second combination of said second set of data received in encrypted form by said first computer system, decrypted and stored in said internal storage of said first electronic card and said third set of data stored in said internal storage of said first electronic card being generated in said first electronic card, said second combination being input into and stored in said internal storage of said first electronic card,

said second combination being encrypted in said first electronic card by means of said encryption/decryption means of said first electronic card and said encryption key(s) stored in said internal storage of said first electronic card,

said second combination being output from said first electronic card in encrypted form via said input/output gate of said first electronic card, being transferred via said first station to said first computer system and being transferred therefrom via said interfacing means of said first computer system to said data transmission line,

said second combination being received by said second computer system in encrypted form via said interfacing means of said second computer system, being transferred to said second electronic card via said second station and via said input/output gate of said second electronic card, being input into and temporarily stored in said internal storage of said second electronic card,

said second combination received by said second computer system in encrypted form being output from said internal storage of said second electronic card and being decrypted in said second electronic card by means of said encryption/decryption means of said second electronic card and said decryption key(s) stored in said internal storage of said second electronic card,

said second combination received by said second computer system in encrypted form and decrypted being input into and stored in said internal storage of said second electronic card,

said second combination stored in said internal storage of said second electronic card being decombined for producing a second set of data retransmitted to said second electronic card and a third set of data transferred to said second electronic card,

said second set of data retransmitted to said second electronic card and said third set of data transferred to said second electronic card being input into and stored in said internal storage of said second electronic card, and

said second set of data stored in said internal storage of said second electronic card being compared to said second set of data retransmitted to said second electronic card and stored in said internal storage of said second electronic card for verification of identity between these sets of data for verification of the authenticity of said first electronic card relative to said second electronic card.

In this authenticity verification the first, the second and the third set of data serve in a unique and logical way relative to the first and the second electronic card to verify that the transfer of data or the electronic document has taken place correctly and thus that the data or the electronic document which is received by the second electronic card is identical to the data sent by the first electronic card or the electronic document sent by the first electronic card, and further to ensure that the transmitter and the receiver are authorized transmitter and receiver, respectively, and also that the transmitter and receiver are what they pretend to be.
According to a first embodiment of the invention the integrity verification is made by

a compacted version of said data or said electronic document being generated in said first computer system or said first electronic card, said compacted version being input into and stored in said internal storage of said first electronic card,

a compacted version of said data transferred to said second computer system or of said electronic document transferred to said second computer system being generated in said second computer system or in said second electronic card, said compacted version being input into and stored in said internal storage of said second electronic card,

said compacted version stored in said internal storage of said first electronic card being output from said internal storage of said first electronic card and encrypted in said first electronic card by means of said encryption/decryption means of said first electronic card and said encryption key(s) stored in said internal storage of said first electronic card,

said compacted data or document version encrypted by said encryption/decryption means of said first electronic card being output from said first electronic card via said input/output gate of said first electronic card, being transferred via said first station to said first computer system and being transferred therefrom via said interfacing means of said first computer system to said data transmission line,

said encrypted and compacted data or document version transferred from said first computer system being received by said second computer system via said interfacing means of said second computer system, being transferred to said second electronic card via said second station and via said input/output gate of said second electronic card, being input into and temporarily stored in said internal storage of said second electronic card,

said compacted data or document version received by said second computer system in encrypted form being output from said internal storage of said second electronic card and being decrypted in said second electronic card by means of said encryption/decryption means of said second electronic card and said decryption key(s) stored in said internal storage of said second electronic card,

said decrypted, compacted data or document version received by said second computer system in encrypted form and decrypted by said second electronic card being input into and stored in said internal storage of said second electronic card,

a comparison of said compacted data or document version stored in said second electronic card and said decrypted, compacted data or document version received by said second computer system in encrypted form and decrypted being made in said second electronic card for verification of the integrity of or identity between said data transferred from said first computer system and said data received by said second computer system or of the integrity of or identity between said electronic document transferred from said first computer system and said electronic document received by said second computer system.
According to a further and alternative embodiment of the invention the integrity verification is made by

a compacted version of said data or said electronic document being generated in said first computer system or in said first electronic card, said compacted version being input into and stored in said internal storage of said first electronic card,

a compacted version of said data transferred to said second computer system or said electronic document transferred to said second computer system being generated in said second computer system or in said second electronic card, said compacted version being input into and stored in said internal storage of said second electronic card,

said compacted version stored in said internal storage of said second electronic card being output from said internal storage of said second electronic card and encrypted in said second electronic card by means of said encryption/decryption means of said second electronic card or said encryption key(s) stored in said internal storage of said second electronic card,

said compacted data or document version encrypted by said encryption/decryption means of said second electronic card being output from said second electronic card via said input/output gate of said second electronic card, being transferred via said second station to said second computer system and being transferred therefrom via said interfacing means of said second computer system to said data transmission line,

said encrypted and compacted data or document version transferred from said second computer system being received by said first computer system via said interfacing means of said first computer system, being transferred to said first electronic card via said first station and via said input/output gate of said first electronic card, being input into and temporarily stored in said internal storage of said first electronic card,

said compacted data or document version received by said first computer system in encrypted form being output from said internal storage of said first electronic card and being decrypted in said first electronic card by means of said encryption/decryption means of said first electronic card and said decryption key(s) stored in said internal storage of said first electronic card,

said decrypted, compacted data or document version received by said first computer system in encrypted form and decrypted by said first electronic card being input into and stored in said internal storage of said first electronic card,

a comparison of said compacted data or document version stored in said first electronic card and said decrypted, compacted data or document version received by said first computer system in encrypted form and decrypted being made in said first electronic card for verification of the integrity of or identity between said data transferred from said first computer system and said data received by said second computer system or of the integrity of or identity between said electronic document transferred from said first computer system and said electronic document received by said second computer system.
In accordance with the presently preferred embodiment, the integrity verification is, however, made by transferring a compacted data or document version from the first electronic card to the second electronic card as well as from the second electronic card to the first electronic card and comparing both transferred, compacted data or document versions to stored, compacted data or document versions in the two electronic cards.
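The authenticity verification (the three-set challenge/response between the two cards) and the integrity verification (the compacted version transferred in both directions and compared in each card) are shown together in the following simulation. It is an added example written for this page, not code from the patent or its assignee. It assumes: two Card objects sharing one secret key stand in for the coherent set of cards; the host computers and the line are modelled as a function that forwards (or alters) the ciphertext; the patent's unspecified encryption/decryption means is replaced by a confidentiality-only stand-in (an HMAC-SHA256 keystream XORed onto the data, chosen because, like DES in a basic mode, it gives no integrity on its own, which is exactly why the digest comparison is needed); the "combination" of two data sets is taken to be length-prefixed concatenation; and the "compacted version" is taken to be a SHA-256 digest. All inputs are constructed.

```python
import hashlib
import hmac
import os

# Added example (not the patent's own code). Two Card objects model the
# "coherent set of cards": both hold the same secret key, and the host
# computers only relay ciphertext. The cipher below is an assumed,
# stdlib-only stand-in for the patent's encryption/decryption means: an
# HMAC-SHA256 keystream XORed onto the data, which (like DES in a basic
# mode) gives confidentiality but no integrity, so the digest comparison
# is what detects tampering.


def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    blocks, counter = [], 0
    while sum(len(b) for b in blocks) < length:
        blocks.append(hmac.new(key, nonce + counter.to_bytes(4, "big"), hashlib.sha256).digest())
        counter += 1
    return b"".join(blocks)[:length]


class Card:
    """One electronic card: the key and all crypto stay inside; the host sees only blobs."""

    def __init__(self, name: str, coherent_key: bytes):
        self.name = name
        self._key = coherent_key   # key input into the card's internal storage by the issuer
        self.storage = {}          # the card's internal storage

    def encrypt(self, plaintext: bytes) -> bytes:
        nonce = os.urandom(16)
        ks = _keystream(self._key, nonce, len(plaintext))
        return nonce + bytes(p ^ k for p, k in zip(plaintext, ks))

    def decrypt(self, blob: bytes) -> bytes:
        nonce, body = blob[:16], blob[16:]
        ks = _keystream(self._key, nonce, len(body))
        return bytes(c ^ k for c, k in zip(body, ks))


def combine(a: bytes, b: bytes) -> bytes:
    """The patent's 'combination' of two data sets; length-prefixed concatenation is assumed."""
    return len(a).to_bytes(2, "big") + a + b


def decombine(blob: bytes) -> tuple:
    n = int.from_bytes(blob[:2], "big")
    return blob[2:2 + n], blob[2 + n:]


def mutual_authentication(card1: Card, card2: Card) -> bool:
    """Three-set challenge/response of the first authenticity embodiment."""
    first = os.urandom(8)                       # first set of data, generated in card 1
    card1.storage["first"] = first
    msg1 = card1.encrypt(first)                 # -> line -> card 2
    second = os.urandom(8)                      # second set of data, generated in card 2
    card2.storage["second"] = second
    msg2 = card2.encrypt(combine(card2.decrypt(msg1), second))   # first combination -> card 1
    first_back, second_recv = decombine(card1.decrypt(msg2))
    if not hmac.compare_digest(first_back, card1.storage["first"]):
        return False                            # card 2 failed to echo card 1's challenge
    third = os.urandom(8)                       # third set of data, generated in card 1
    msg3 = card1.encrypt(combine(second_recv, third))            # second combination -> card 2
    second_back, _third = decombine(card2.decrypt(msg3))
    return hmac.compare_digest(second_back, card2.storage["second"])


def compact(data: bytes) -> bytes:
    """'Compacted version' of the data or document; SHA-256 is assumed as the compaction."""
    return hashlib.sha256(data).digest()


def transfer_with_integrity(card1: Card, card2: Card, document: bytes, line=lambda wire: wire):
    """Encrypted transfer plus the preferred two-way integrity verification.
    `line` models the host computers and transmission line carrying the
    document blob; an honest line returns it unchanged."""
    card1.storage["digest"] = compact(document)
    received = card2.decrypt(line(card1.encrypt(document)))
    card2.storage["digest"] = compact(received)
    # card 1 -> card 2: card 2 compares the transferred digest with the one it stored
    ok_at_2 = hmac.compare_digest(card2.decrypt(card1.encrypt(card1.storage["digest"])),
                                  card2.storage["digest"])
    # card 2 -> card 1: card 1 compares the transferred digest with the one it stored
    ok_at_1 = hmac.compare_digest(card1.decrypt(card2.encrypt(card2.storage["digest"])),
                                  card1.storage["digest"])
    return received, ok_at_1 and ok_at_2


def flip_first_byte(wire: bytes) -> bytes:
    """A tampering line: alters one ciphertext byte after the 16-byte nonce."""
    return wire[:16] + bytes([wire[16] ^ 0x01]) + wire[17:]


if __name__ == "__main__":
    key = os.urandom(32)                         # constructed coherent key shared by the set
    c1, c2 = Card("card1", key), Card("card2", key)
    stranger = Card("stranger", os.urandom(32))  # a card from a different set
    print("card2 authentic:", mutual_authentication(c1, c2))            # True
    print("stranger authentic:", mutual_authentication(c1, stranger))   # False
    doc = b"constructed sample document"
    print("honest line:", transfer_with_integrity(c1, c2, doc)[1])                      # True
    print("tampering line:", transfer_with_integrity(c1, c2, doc, flip_first_byte)[1])  # False
```

Two points the simulation makes visible: a card outside the coherent set never learns the key, so it cannot return the first set of data intact and the authentication fails at card 1 before any document moves; and because the stand-in cipher is malleable, a host that alters the document ciphertext produces a changed plaintext in card 2 whose digest no longer matches the one card 1 stored, which the two-way comparison catches. A present-day implementation would use an authenticated cipher in place of the keystream stand-in so that tampering is rejected at decryption as well.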

According to alternative embodiments of the method according to the invention, said alternative embodiments constituting combinations of the authenticity and integrity verifications, said transfer of said compacted data or document version generated in said first computer system or in said first electronic card from said first electronic card to said second electronic card is made simultaneously with said transfer of said data or said electronic document itself, said data or electronic document and said compacted data or document version being combined and encrypted as a whole before said transfer, or alternatively said transfer of said compacted data or document version generated in said second computer system or in said second electronic card from said second electronic card to said first electronic card is made simultaneously with a retransmission of said data or said electronic document received from said first electronic card from said second electronic card to said first electronic card, said data or electronic document to be retransmitted and said compacted data or document version being combined and encrypted as a whole before said transfer.

According to a combination of these alternative integrity and authenticity verifications, a simultaneous retransmission of said compacted data or document version received by said second electronic card and generated in said first computer system or in said first electronic card is made at said transfer of said compacted data or document version generated in said second computer system or in said second electronic card and said retransmission of said data or said electronic document from said second electronic card, both compacted data or document versions and said data or said electronic document to be retransmitted being combined and encrypted as a whole before said transfer.
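As an added illustration that is not part of the patent, the following Go program models the combined verification just described with two Card values sharing one DES key (Go's standard crypto/des): the document and its compacted version are encrypted as a whole, the receiving card verifies and retransmits them the same way, and the sending card compares the echo with its stored version. Assumed, since the text names neither: a truncated SHA-256 stands in for the compacted version, and DES-CBC with PKCS#7 padding for the encryption mode.

```go
package main

import (
	"bytes"
	"crypto/cipher"
	"crypto/des"
	"crypto/rand"
	"crypto/sha256"
	"errors"
)

// Card models one electronic card of a coherent set (card 124 or 224) holding
// the DES key shared with its partner card. Assumed model, not the patent's.
type Card struct {
	Name  string
	block cipher.Block
}

// NewCard prepares a card with an 8-byte DES key (56 key bits plus parity).
func NewCard(name string, key []byte) (*Card, error) {
	block, err := des.NewCipher(key)
	if err != nil {
		return nil, err
	}
	return &Card{Name: name, block: block}, nil
}

// compact builds the "compacted data or document version"; the text names no
// algorithm, so a truncated SHA-256 is assumed here.
func compact(doc []byte) []byte {
	h := sha256.Sum256(doc)
	return h[:8]
}

// Seal encrypts doc and compact(doc) combined as a whole (DES-CBC, fresh IV
// prepended): the "combined and encrypted as a whole" step of the text.
func (c *Card) Seal(doc []byte) ([]byte, error) {
	iv := make([]byte, des.BlockSize)
	if _, err := rand.Read(iv); err != nil {
		return nil, err
	}
	plain := append(append([]byte{}, doc...), compact(doc)...)
	n := des.BlockSize - len(plain)%des.BlockSize // PKCS#7 padding to whole blocks
	plain = append(plain, bytes.Repeat([]byte{byte(n)}, n)...)
	out := make([]byte, len(plain))
	cipher.NewCBCEncrypter(c.block, iv).CryptBlocks(out, plain)
	return append(iv, out...), nil
}

// Open decrypts a sealed message and checks the embedded compacted version
// against one recomputed from the decrypted document. A digest hidden under
// encryption is weaker than a keyed MAC; a modern design would use HMAC.
func (c *Card) Open(msg []byte) ([]byte, error) {
	if len(msg) < 2*des.BlockSize || len(msg)%des.BlockSize != 0 {
		return nil, errors.New("malformed message")
	}
	plain := make([]byte, len(msg)-des.BlockSize)
	cipher.NewCBCDecrypter(c.block, msg[:des.BlockSize]).CryptBlocks(plain, msg[des.BlockSize:])
	n := int(plain[len(plain)-1]) // PKCS#7 padding length; 8 digest bytes must remain
	if n == 0 || n > len(plain)-8 || !bytes.Equal(plain[len(plain)-n:], bytes.Repeat([]byte{byte(n)}, n)) {
		return nil, errors.New("bad padding")
	}
	doc, tag := plain[:len(plain)-n-8], plain[len(plain)-n-8:len(plain)-n]
	if !bytes.Equal(tag, compact(doc)) {
		return nil, errors.New("integrity verification failed")
	}
	return doc, nil
}

// send seals doc on card from and opens it on card to.
func send(from, to *Card, doc []byte) ([]byte, error) {
	msg, err := from.Seal(doc)
	if err != nil {
		return nil, err
	}
	return to.Open(msg)
}

// Transfer runs the combined verification: the receiving card verifies the
// sealed document and retransmits it sealed with its own compacted version,
// and the sending card compares the echo with its stored version.
func Transfer(sender, receiver *Card, doc []byte) ([]byte, error) {
	received, err := send(sender, receiver, doc)
	if err != nil {
		return nil, errors.New(receiver.Name + ": " + err.Error())
	}
	echoed, err := send(receiver, sender, received)
	if err != nil {
		return nil, errors.New(sender.Name + ": " + err.Error())
	}
	if !bytes.Equal(compact(echoed), compact(doc)) {
		return nil, errors.New(sender.Name + ": retransmission differs from stored version")
	}
	return received, nil
}
```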

The above stated objects are alternatively obtained in accordance with the invention by a method of the type defined above, which method in accordance with a second aspect of the invention is characterized in that

for said transfer
a first station is used, which is secured against illegal entry, i.e. a so-called "tamper-proof" station, for outputting data from and inputting data into a first card, said first station being connected to and communicating with said first computer system and furthermore being connected to said data transmission line via said first computer system and interfacing means, and said first station having a central processing unit, an internal storage, an input/output means for outputting data from and inputting data into said first card as well as an encryption/decryption means, and
a second station is used, which is secured against illegal entry, i.e. a so-called "tamper-proof" station, for outputting data from and inputting data into a second card, said second station being connected to and communicating with said second computer system and furthermore being connected to said data transmission line via said second computer system and interfacing means, and said second station having a central data processing unit, an internal storage, an input/output means for outputting data from and inputting data into said first card as well as an encryption/decryption means,
said first and second card constituting a coherent set of cards comprising coherent data input into said cards concerning said coherent encryption/decryption keys stored in said internal storages of said corresponding stations,
said data or said electronic document being transferred to said first station and being input into and temporarily stored in said internal storage of said first station,
said data or said electronic document being output from said internal storage of said first station and being encrypted in said first station by means of said encryption/decryption means of said first station and said encryption key(s) stored in said internal storage of said first station,
said data or said electronic document being output from said first station to said first computer system in encrypted form and therefrom via said interfacing means of said first computer system to said data transmission line,
said data or said electronic document being received by said second computer system in encrypted form via said interfacing means of said second computer system, being transferred to said second station, being input into and temporarily stored in said internal storage of said second station,
said data or said electronic document received in encrypted form being decrypted in said second station by means of said encryption/decryption means of said second station and said decryption key(s) stored in said internal storage of said second station, and
said data or said electronic document in said second station being output from said second station after decryption to said second computer system.
This alternative method according to the second aspect of the invention is preferably in accordance with advantageous embodiments of the method implemented in accordance with the above stated embodiments of the method according to the first aspect of the present invention.

The present invention furthermore relates to a system for transferring data, an electronic document or the like from a first computer system to a second computer system, said second computer system being autonomous in relation to said first computer system, via a data transmission line, e.g. a public data transmission line, in accordance with the method according to the first aspect of the invention, which system in accordance with the invention is characterized in that it comprises the first station and the second station, which are connected to and communicate with the first and the second computer system, respectively, and which furthermore via the first and the second computer system, respectively, and the corresponding interfacing means are connected to the data transmission line, as well as the first and the second electronic card, which constitute a coherent set of cards comprising the coherent encryption/decryption keys input into the internal storages of the cards. The coherent set of cards used in this system according to the invention preferably comprises cards of the type DES Smart Card (Philips), Super Smart Card (Bull) or CP8 Smart Card (Bull) or at least a card implemented on a printed circuit card, a thick-film substrate, a thin-film module, etc.

The present invention furthermore relates to a system for transferring data, an electronic document or the like from a first computer system to a second computer system, said second computer system being autonomous relative to said first computer system, via a data transmission line, e.g. a public data transmission line, said system being characterized in that it comprises said first station and said second station, which are connected to and communicate with said first and said second computer system, respectively, and which furthermore via said first and said second computer system, respectively, and corresponding interfacing means are connected to said data transmission line, as well as said first and said second card, which constitute a coherent set of cards comprising said coherent data input into said cards concerning said coherent encryption/decryption keys stored in said internal storages of said corresponding stations. The coherent set of data, which is used according to the system and the method according to the second aspect of the invention, can be a magnetic card as well as an electronic card, which again can be of the above-mentioned type. In accordance with this aspect of the invention, any other medium can furthermore be used.

The present invention furthermore relates to an electronic card comprising a central data processing unit, an internal storage, an input/output gate for communication with an associated station for outputting data from and inputting data into the electronic card as well as an encryption/decryption means, which card according to the invention constitutes a first electronic card of a coherent set of cards comprising the first electronic card and a second electronic card, which electronic cards have coherent encryption/decryption keys and are designed to be used in accordance with a method according to the first aspect of the invention.

The encryption made according to the invention can be made according to any known technique and comprise symmetrical or asymmetrical encryption/decryption algorithms such as DES algorithms, RSA algorithms or the like. The encryption/decryption algorithms can furthermore be combined.

The invention will now be further described with reference to the drawing,

in which FIG. 1 shows a system according to the invention comprising a first computer system and a second computer system communicating with each other via a data transmission line for carrying out the method according to the invention,

FIG. 2 schematically shows the structure of the software of the system shown in FIG. 1,

FIG. 3 schematically shows a system according to the invention comprising two computer systems communicating with each other via a data transmission line, and furthermore a mini computer,

FIG. 4 schematically shows an enlarged system comprising three computer systems, which according to the teaching of the invention communicate with each other via a data transmission line, and one of which furthermore communicates with two terminals or Minitels via appropriate interfacing means and the data transmission line,

FIG. 5 shows a block diagram of an authenticity verification, and

FIG. 6 shows a block diagram of an integrity verification.

In FIG. 1, a system according to the invention for carrying out the method according to the invention is shown schematically, which system comprises two autonomous computer systems, a first computer system shown in the left-hand part of FIG. 1 and designated the reference numeral 100 in its entirety, and a second computer system shown in the right-hand part of FIG. 1 and designated the reference numeral 200 in its entirety. The two computer systems 100 and 200 are shown schematically comprising the same types of elements, which for the two computer systems are indicated by the same two last digits of the reference numerals, the reference numerals for elements belonging to the first computer system 100 beginning with the digit 1 and the reference numerals for elements belonging to the second computer system 200 beginning with the digit 2. The two computer systems 100 and 200 thus each comprise an "inhouse" main computer, 102, 202, respectively. These main computers 102 and 202 communicate via data lines 104, 204 with terminals or personal computers (PCs) 106, 206, which each comprise a keyboard 108, 208, a computer section 110, 210 and a computer screen 112, 212. The terminals or the PCs 106, 206 furthermore communicate with the associated diskette stations or optical disc store 114, 214 as well as hard disks 116, 216 with associated back-up diskette stations or optical disc store 118, 218. The terminals or the PCs 106, 206 are furthermore via respective data transmission lines 120, 220 connected to respective stations 122, 222 for input and output of data in respective electronic cards or chip cards, so-called Smart Cards, which are indicated by the reference numerals 124, 224.

Together with the associated peripheral equipment comprising the diskette stations or optical disc store 114, 214, the hard disks 116, 216, the back-up diskette stations or optical disc store 118, 218, the associated stations 122, 222 as well as the associated electronic cards 124, 224, the terminals or the PCs 106, 206 are contained in the blocks 126, 226 indicated by dotted lines.

The task or object of the invention is to provide a possibility of transferring data from the first computer system to the second computer system, by which data transfer it is ensured that the data sent is identical to the data intended to be sent, that the data received is identical to the data sent, and preferably furthermore that the transfer only takes place between parties specifically intended to send and receive data, that receipt of the data is acknowledged by the receiver and furthermore that receipt of the receiver's acknowledgement is acknowledged by the sender relative to the receiver. In the following description, the data transfer is meant to take place from the first computer system 100 to the second computer system 200, but it is of course clear that the data transfer can also take place in the opposite direction. According to the invention the data transfer can furthermore consist in an exchange of data between the two computer systems, i.e. comprise a transfer of data from the first computer system 100 to the second computer system 200 and a transfer of data from the second computer system 200 to the first computer system 100. Neither of the respective sides of the two computer systems 100 and 200 has any knowledge of security levels, transmission protocols, encryption/decryption algorithms etc. of the other computer system. Via interfacing means contained in the associated terminals or PCs 106, 206 and the associated data transmission lines 128, 228, the two computer systems 100 and 200 are connected to a public data transmission network, which is collectively indicated by the reference numeral 300. Instead of a public data transmission network, e.g. an X25 data network, the data transmission network 300 can be a private network or comprise combinations of public and private computer networks and furthermore
via associated modems (modulators/demodulators) be connected to e.g. telephone lines or other signal or transmission lines.

In order to ensure that the above stated requirements for data transfer are met, the data transfer is made by the data to be transferred from the computer system 100 to the computer system 200 first being output from the main computer 102 of the computer system 100 to the terminal or the PC 106 and being transferred to the station 122. From the station 122 the data is transferred to the electronic card 124 via the input/output gate of this card, whereupon the data is processed exclusively by the electronic card 124. Similar to the card 224, the card 124 has in addition to the above-mentioned input/output gate, a central processing unit or CPU, an internal storage, an encryption/decryption block which controlled by the internal central processing unit of the card is able to encrypt and decrypt the data by outputting data from the card or by inputting data into the card, respectively, by use of one or more encryption/decryption keys input into the card in advance, as will be described in greater detail below in a detailed system/software description. For the transfer of data between the cards, the cards 124, 224 have been issued together and constitute a coherent set of cards being preprogrammed as regards encryption/decryption algorithms and keys in such a way that the cards are able to communicate with each other and decrypt data transferred from the first card to the second card and vice versa.

In the electronic card 124, an encryption of the data input is then made, the encrypted data is transferred via the station 122, the data transmission line 120, the terminal or the PC 106, the associated interfacing means and the data transmission line 128 to the data transmission network 300, from which the data via the data transmission line 228, the interfacing means of the terminal or the PC 206, the terminal or the PC 206, the data transmission line 220 and the station 222 is transferred to the electronic card 224, in which the data is decrypted by means of the encryption/decryption key(s) stored in the card corresponding to the encryption/decryption keys of the card 124. After decryption of the data in the card 224 the data can be output in clear text from the electronic card 224 to the station 222 and be transferred via the data transmission line 220, the terminal or the PC 206 and the data transmission line 204 to the main computer 202. As the data transfer from the first computer system 100 to the second computer system 200 only takes place between the two electronic cards 124 and 224 it is ensured that the data version output from the electronic card 224 is identical to the data version input into the electronic card 124. Hereby it is ensured that the data transferred to the second computer system 200 is identical to data intended to be sent from the first computer system 100, and seen from the point of view of the first computer 100 it is also ensured that the data version which the computer system 200 has received is identical to the data which was initially sent from the first computer system 100.

In the below system description it will furthermore be explained how an authenticity verification between the two electronic cards 124, 224 is made prior to the actual transfer and furthermore how acknowledgements containing compacted data versions are signed for integrity verification, which acknowledgements are transferred between receiver and sender, i.e. between the card 224 and the card 124.

In FIG. 2 the software design of the main computers 102, 202 of the computer systems 100 and 200 and the terminals or PCs 106, 206 is shown schematically. It is to be realized that the software design is only intended to be illustrative and explanatory and in no way to be construed limiting the scope as defined in the appended claims. Each main software comprises an "inhouse" software 130, 230, a communications protocol 132, 232 for transfer of data to the associated terminal or PC 106, 206 via the data transmission lines 104, 204 (e.g. an asynchronous RS 232 communications protocol), two software converter or compiler blocks 134, 234 and 136, 236 for conversion or compiling from "inhouse" format to the transmission protocol determined by the block 132, 232 and from the transmission protocol determined by the block 132, 232 to "inhouse" format, respectively. The main computer software 102, 202 may further comprise a further block 138, 238, a so-called Edifact software, which will be described below.

The terminals or the PCs 106, 206 contain the following software blocks: a communications protocol 140, 240 for communication with the main computer 102, 202 via the data transmission line 104, 204, an internal central software 142, 242 controlling the functions of the terminal or the PC in question, a converter or compiler software 144, 244 corresponding to the software block 138, 238 of the main computer 102, 202, a communications protocol 146, 246, e.g. an X25 protocol, which protocols constitute the interfacing means of the terminal or the PC to the associated data transmission line 128, 228, a software block 148, 248 for communication with the associated peripheral equipment of the terminals or the PCs such as the diskette stations and hard disks 114, 214 and 116, 216 shown in FIG. 1, a software block 150, 250 containing information regarding e.g. "black lists" etc. and finally a software block 152, 252 for communication with the associated station 122, 222. The PC program may further comprise a block corresponding to the blocks 138 and 238 discussed above and comprising Edifact software.

It is to be noted that the data transfer comprising authenticity/integrity verification etc., which is characteristic of the invention, can be implemented with an integrated circuit card constituting a combination of a station and an electronic card such as a combination of the station 122 and the card 124 or of the station 222 and the card 224. Such printed circuit cards are shown in the lower part of FIG. 2 and designated the reference numerals 160 and 260, respectively. The printed circuit card 160, 260 thus constitutes a complementary card relative to the second printed circuit card or relative to an electronic card for use in connection with an associated station. Thus the printed circuit card 160 can be a circuit card complementary to the printed circuit card 260 or a card complementary to the electronic card 224. Correspondingly the printed circuit card 260 can be a card complementary to the electronic card 124 or a card complementary to the printed circuit card 160.

In a further alternative embodiment of the invention the above described data transfer from the electronic card 124 to the electronic card 224 can be established between corresponding security modules 170, 270, which are shown in the lower part of FIG. 2. These security modules or security terminals constitute so-called "tamper-proof" stations, i.e. stations which due to their special physical design make it impossible to open the system and thus reveal material as well as software. Similar to the electronic cards 124, 224, these
security modules contain an input/output gate, a central processing unit, internal storages and encryption/decryption blocks. In contrast to the electronic cards 124, 224 and the printed circuit cards 160, 260 integrating stations and cards, the internal storages of the security modules can contain more encryption/decryption keys, which are addressed to a given data transfer by means of a card, e.g. an electronic card or a magnetic card, which similar to the electronic cards 124, 224 and printed circuit cards 160, 260 integrating stations and electronic cards are issued by a card issuer, who corresponding to the electronic card or magnetic card in question issues a corresponding magnetic card or an electronic card or a printed circuit card for use at data transfer from a security module addressed by the magnetic card in question to a security module addressed by an associated electronic card and finally to a printed circuit card or vice versa.

In FIG. 3, a system which is enlarged as compared to the system shown in FIG. 1 is shown schematically, and which in addition to the two computer systems 100 and 200 comprises a mini computer which is designated the reference numeral 306 in its entirety and has a keyboard 308, a central processing unit 310 and a computer screen 312. The mini computer system 306 can furthermore comprise peripheral equipment such as a diskette station [...] equipment is not shown in FIG. 3. For transfer of data to one of the computer systems 100 or 200 or for reception of data from one of these computer systems in accordance with the teaching of the invention, the mini computer system 306 is connected to a station 322, corresponding to the stations 122, 222 shown in FIGS. 1, 2 and 3, via a data transmission line 320 corresponding to the data transmission lines 120 and 220 shown in FIG. 1. Via a data transmission line 328 corresponding to the data transmission lines 128, 228, via an interfacing means contained in the central data processing unit 310 of the mini computer system and furthermore possibly via a modem, which is not shown in FIG. 3, the mini computer system 306 is connected to a public telephone network 330. The public telephone network 330 is via a modem, which is neither shown in FIG. 3, and a data transmission line 332 connected to a converter 346 containing converter or compiler sub-blocks 334, 336 corresponding to the software blocks 134, 234 and 136, 236 shown in FIG. 2 and which via a data transmission line 338 is connected to the network 300.

By means of two coherent cards, one of which is received in the station 322 and another one of which is received in the station 122 or 222 of the computer 100 or 200, respectively, it is possible in accordance with the teaching of the invention to transfer data to and from the mini computer system 306 from and to the computer system in question, respectively, the associated card station of which computer system has received an electronic card, not shown, corresponding to the electronic card received in the card station 322. Similar to the mini computer system 306, the computer system with which the mini computer is communicating can have its electronic card integrated with the corresponding station in a printed circuit card, similar to the printed circuit cards shown in FIG. 2 and designated the reference numerals 160, 260 belonging to the computer systems 100, 200, or have a security module or security terminal which is addressable by means of an electronic card or a magnetic card as explained above.

In FIG. 4 an alternative computer system configuration is shown which in addition to the above described computer system comprising the first computer system 100 and the second computer system 200, which are interconnected via the network 300, includes a number of mini computer systems, in the present case two mini computer systems 406 which are preferably so-called Minitel computers, communicating with an associated host which is shown in the upper central part of FIG. 4 and designated the reference numeral 400 in its entirety, and which constitutes a computer system. The mini computer systems 406 and the host 400 constitute a so-called videotex system which will be explained in greater detail below in the system/software description. The communication between the Minitel computers 406 and the host 400 is preferably made in accordance with the LECAM protocol developed by FRANCE TELECOM. The computer system 400 constitutes a computer system corresponding to one of the computer systems 100, 200, and between the computer system 400 and one of the computer systems 100, 200 data can be transferred both ways in the above described manner by means of two coherent cards, especially two coherent electronic cards. Thus the computer system 400 is basically of a structure equivalent to the structure of the computer systems 100, 200 [...] processing unit 402, which is connected to a communications block 426 corresponding to the blocks 126, 226 via a data transmission line 404, which block 426 is connected to the network 300 via a data transmission line 428 corresponding to the data transmission lines 128, 228. The computer system 400 furthermore comprises a hard disk [...] and a card reader 464. The card reader 464 is adapted to receive an electronic card of the above described kind, especially a so-called smart card, at transfer of data to and from the Minitel computer 406, as will be explained in greater detail below in the system/software description. The card reader or the station 464 on the other hand has no connection to the external computer systems 100, 200, as the data transfer between the computer system 400 and one of the computer systems 100, 200 is controlled by the communication block 426 in the above described way. The individual Minitel computers 406 have a keyboard 408, a computer screen 412 and a card reader 422, which like the card reader 464 is adapted to receive an electronic card, which makes it possible to transfer data to and from the Minitel computer 406 from and to the computer system 400, respectively. The connection from the individual Minitel computer 406 to the computer system 400 is established via a data transmission line 428 connecting the individual Minitel computer 406 to a public telephone network 430 by means of appropriate modem units, a connection from the public telephone network 430 to the computer system 400 being established via a first data transmission line 432, a converter or compiler 446 and a second data transmission line 438.

The Minitel computers shown in FIG. 4 first of all serve the purpose of distributing electronic document "mail" internally within the Minitel system belonging to the computer system 400, as data or document transfer is made from the individual Minitel computer 406 via the public telephone network 430 and the network 300 by means of an electronic card issued by the institution which runs the computer system 400 to the station 464 of the computer system 400. The computer system shown in FIG. 4 furthermore provides the possibility of
transferring data or documents from the individual Minitel computer 406 to the computer system 400, from which system data or documents can be transferred again to a second computer system, e.g. the computer system 100 or the computer system 200, via the data transfer block 426 with associated electronic cards, in accordance with the above described data transfer.

EXAMPLE

A computer system of the type shown in FIGS. 1 and 2 was implemented with:

Personal Computer:
At 10 MHz with 640 kbytes storage, 40 Mbyte hard disk, 2 serial RS232 gates, Danish keyboard, black/white screen including adapter.
Type: Philips P3204.

The following software was used:
MS-DOS operating system version 3.3. Type: Microsoft
RTOS Real Time Operating System version 4.00. Type: Dansk Informations Teknologi
X.25 Communication card, 16 gates: Type: Stollmann SICC-PC-X25.
SmartCard reader, with power supply and RS232 interface cable: Type: Philips/Control Data Laserdrive 510 DT

For this system implementation, software developed by Net-plus (©1989) was used. The software is developed in C, Pascal and Assembler.

In the computer system, data and documents in encrypted and not encrypted form were furthermore exchanged between a Minitel terminal of the type shown in FIG. 4 with the reference numeral 406 and a computer system of the above described type in accordance with the principles of the invention by means of the LECAM protocol developed by FRANCE TELECOM (©December 1987, FRANCE TELECOM, TELETEL).

A detailed system and software specification will be described below concerning both data transfer from the first computer system to the second computer system, e.g. from the computer system 100 to the computer system 200, and data transfer to and from a Minitel computer 406 to and from the computer system 400, respectively.

System and software description:

The system has an interface to a large surrounding world, which is not under control under all circumstances. This implies that it must be ensured that unauthorized persons do not get unauthorized access to or insight into the system. Below, the security of the system is described and the requirements which are furthermore made to the system, so that this can be of practical use.

There are security systems which are impossible to break, but which are useless in practice, but also security systems which are commercially available and appear to be of practical use, but which unfortunately are also easy to break.

A number of security requirements which the system fulfils will be described now:
1. Large key room
2. No real or statistical possibility of finding a key on the basis of clear text and crypto text
3. No clear text in crypto text
4. Stratified structure of the transmission network

Re 1. The number of keys must be so large that it is not practically possible to find the right key by exhaustive search. It must be required that two different keys encrypt the same clear text into different crypto texts. Exactly how large the key room must be naturally also depends on the resources which are available to a potential "enemy". For the transactions mentioned in this system, 56 bits as in DES are sufficient, as it on average will take at least 4 months to decipher a crypto text with the fastest available computer power. As a new key is used for each transmission, it will be practically impossible to obtain full insight.

Re 2. Even though many coherent clear text messages and corresponding crypto text messages are known, it must not be possible to determine the applied key on the basis of this.

Re 3. In the crypto text there must be no statistically significant trace of the clear text. If there is no such trace, the "enemy's" only weapon is exhaustive search, if only the crypto text is available.

Re 4. The interface specifications for the transmission network via which the encrypted data or text has to be transmitted normally also prescribe transmission of operational control information which should of course not be encrypted, similar to address fields and the like for the data mentioned. Problems may arise if the interfacing means does not have a stratified structure or if it is not quite clear at which level the encryption is to take place.

Use of chip cards and the DES algorithm provides a solution in which
1. the size of the key room is sufficient, especially as different keys are used for different transfers, and the key for exchange of encryption key is safely hidden in the chip card,
2. it has no practical value to find a key on the basis of both clear text and crypto text, as this key is only used for one transmission, and
3. DES encryption of the documents ensures that there is no clear text in the crypto texts.

When using chip card and DES algorithm in this way, the public X.25 network as well as a teletel videotex network are used. Both these networks facilitate a transparent transfer of encrypted text. There are various protocols for transfer, which are followed in connection with the document transfer. For the videotex network, the LECAM protocol is used.

Symmetrical/asymmetrical systems

Wherever possible, simple methods are used for securing data, however, without reducing the security. Accordingly a symmetrical system (e.g. DES) is preferred to an asymmetrical system (e.g. RSA), as an asymmetrical system, such as RSA, requires far more computer power than a symmetrical system, such as DES. A symmetrical system, such as DES, on the other hand, requires greater security concerning keys. (Concerning DES and RSA see above).

1. Symmetrical crypto systems
2. Asymmetrical crypto systems
3. Speeds

Re 1. A symmetrical crypto system is characterized in that the same key is used for encryption and decryption. A much used and safe algorithm for this use is the DES algorithm.

The DES algorithm (Data Encryption Standard) was developed by IBM in cooperation with the National Bureau of Standards (NBS) and published in 1977. DES is only used for civilian encryption and is today the most widespread crypto system. In particular, DES is very much used within the banking world, also in the "DANKORT" system.
In the DES algorithm, encryption is made in blocks of 64 bits by means of a key of 56 bits. First, the 64 bits to be encrypted are subjected to a permutation, which serves to mix the bits, as input in the typical application consists of 8 bytes. Following this, 16 iterated encryptions are made by means of various keys derived from the chosen key, the 64 bits before each iteration having been divided into a left-hand side Li and a right-hand side Ri, each consisting of 32 bits. In each iteration, Ri becomes the new left-hand side Li+1, and the new right-hand side Ri+1 is produced as XOR of Li and 32 other bits, which appear as a complex, but completely described function of Ri and Ki+1, where Ki+1 is a key of 48 bits which is derived from the chosen key of 56 bits.

The function itself can be described as follows: the 32 bits in Ri are expanded to 48 bits by bit shifting and are then permuted. The XOR with Ki+1 is formed. The resulting 48 bits are taken 6 at a time in 8 groups, which by means of S-boxes are converted to 8 groups of only 4 bits each, so that 32 bits are delivered. After a fixed permutation of these, the above 32 bits are found.

After 16 iterations, the 64 bits are permuted with the inverse permutation of the initial one. This is necessary to ensure that the subsequent decryption of the crypto text can be made by simply performing the DES algorithm again, but with the 16 derived keys in inverse order.

Re 2. The difference between a symmetrical crypto system and an asymmetrical crypto system is that in an asymmetrical system it is not possible by way of calculation to find the decryption key, even though the encryption key is known, and vice versa.

Instead of "encryption" and "decryption" it is therefore more correct to speak of a secret transformation key SK (Secret Key) and a public transformation key PK (Public Key). In particular, it is required for all messages X that

PK(SK(X)) = X and SK(PK(X)) = X

An asymmetrical crypto system can be used for both concealment and authenticity, and even for generation of digital signatures. It must, however, be pointed out that for each individual user A who chooses a key, or rather a pair of keys (PA, SA), A can use SA for receipt of secret messages as well as for his own digital signature, and other persons' public keys to send concealed messages. In return, other persons can use A's public key to send concealed messages to A.

One of the best known asymmetrical crypto systems is the RSA crypto system (named after the fathers of the system: Rivest, Shamir and Adleman). It is based on experiences which mathematicians have obtained over several thousand years concerning prime numbers. It is relatively easy to decide whether a specific, chosen number n is a prime number or not, but if it turns out that it is not a prime number, the difficulty of finding the prime number divisors increases steeply with the magnitude of the number. Even when using all the artifices which mathematicians have developed in the course of time, it has not been possible to find a simple way of deducing the prime number divisors. There are extremely many numbers of a hundred digits or less (the limit today is about 90 digits) which are practically impossible to resolve into prime factors.

In the RSA crypto system, the origin is two randomly chosen prime numbers p and q of approx. 100 digits each. These prime numbers must be strong prime numbers, which has the effect that by means of known methods it will take billions of years to find the divisors of n on the basis of n = pq (p and q are kept secret). It is necessary that these properties are available because of the security of the system. Then a number e is chosen, which must be prime to (p-1)(q-1). Knowing p and q it is possible to find another number d with the following property:

Given a random number m less than n, the remainder of m^(d·e) (i.e. m multiplied by itself d·e times) after integer division by n will again give the number m.

It is possible in many ways to divide a clear text into blocks which can be represented uniquely as numbers between 1 and n. A clear text m, represented in this way, is thereafter encrypted as

c = m^e modulus n

i.e. the remainder of m multiplied by itself e times, after integer division by n.

Decryption of c is made by calculating

c^d modulus n

which according to the above leads to m.

The pair of numbers (e, n) can, of course, be used to specify the public key

P(m) = m^e modulus n

whereas the pair of numbers (d, n) specifies the secret key

S(x) = x^d modulus n

(it is only d which must be kept secret, together with p and q). Hereby a public key system is obtained.

Re 3. An important requirement for crypto systems is often the speed of encryption. Hardware equipment, where the algorithm is stored in a specially designed chip, operates with far greater speed than software. It may be a question of a factor of a hundred or more, depending on the equipment. As an example it is to be mentioned that DES in software, e.g. on equipment with an INTEL 8086 processor and a clock frequency of 4.7 MHz, encrypts at a speed of approx. a few thousand bits per second (there is a possibility of considerable variations depending on the implementation).

As regards software implementation of RSA, the fastest 32 bit chips today, e.g. MOTOROLA 68030 with a clock frequency of 20 MHz, will produce an RSA block encryption of 512 bits in approx. 4 sec. and a decryption in approx. 1 sec. (by means of a minor mathematical artifice). By means of so-called "digital signal processing" chips, this can be reduced even further, presumably to 1 sec. or less for an encryption.

On the market today "black boxes" are available containing encryption chips, which can make an encryption with a high security level. One of these is a so-called SCP box which, in addition to being a chip card reader with keyboard for PIN code control, also comprises a display, a relatively fast CPU, 128 Kb RAM and the DES as well as RSA algorithms. The box is designed in such a way that it destroys itself when it is attempted to gain physical access to the electronics, i.e. it is a so-called "tamper-proof" box. It has an encryption capacity of about 40,000 bytes per minute with the DES algorithm. By using this box the ability of the chip card to store keys is used to ensure authenticity, and by means of a table in the RAM storage in combination with the chip card, keys can be worked out which are unique to the individual encryption and transfer of information.

Chip cards

From a cryptological point of view, the explosive development of very small chips has facilitated a very interesting development, viz. the chip card. This card has the same shape and size as a magnetic card, but contains furthermore, as mentioned above, a small processor and a small storage (typically 1-2 kbyte), which may e.g. be of the type EEPROM (Electrically Erasable Programmable Read Only Memory), so that both input and output access can be obtained via a card reader.

Such a card is particularly suitable for storage of e.g. a secret key. It is furthermore possible to protect this key efficiently by an encryption controlled by a PIN code, and by securing the key so that it cannot be read from the card, but only be used for encryption and decryption. It is also possible to let the card destroy itself (logically) if a wrong PIN code is used more than e.g. three times, and to give it a definite lifetime (a certain number of applications).

Detailed description of chip cards

The chip card contains a microprocessor, data and program storage and an I/O gate, secret information and protected information being hidden or stored in a data memory. As the I/O gate is controlled by the microprocessor, all reading of information is controlled by the microprocessor. Reading of secret data is not possible, and reading of protected data is only possible after positive validation of the PIN code of the card. With the correct PIN code it is possible to encrypt and decrypt data and to generate temporary keys. For encryption and decryption, the Data Encryption Standard (DES) is used. In addition to the operating system for the microprocessor, the program memory also contains the encryption algorithm DES. This has the result that the card can in fact be used to encrypt and decrypt data, even though it is quite a slow process (approx. 128 bytes per second).

The chip card in its present versions (DES Smart Card (Philips) and CP8 Smart Card (Bull)) can contain up to 1024 bytes of information including various "headers". This corresponds to 500-800 bytes of user information, depending on the structure of the information in the card.

Four different types of cards exist:

Batch card: this card is received together with the new cards and is used when personalizing these.

Root card: This card is used during the personalization to decrypt the application keys and the personal keys before they are written into the chip card. This has the effect that the personal keys can be stored in a file in encrypted form and will only be known in the memory of the personalizing system during the execution of the personalization. The root card contains for each type of personal key a corresponding Root key.

Rehabilitation card: Is used when rehabilitating a Transaction card.

Transaction card: This is the card which is handed out to the users. It is used to store and protect personal keys and for generation of temporary keys for access control and encryption and decryption.

The lifetime of the chip card is divided into different phases:
1. Pre-personalization
2. Personalization
3. Active
4. End-of-life
5. Rehabilitation

Re 1. Pre-personalization
In this phase the card is empty apart from production information. The only information contained in the card at this time is a production key and information as to which "batch" the card belongs to. In order to obtain access to the memory of the card, it is necessary to know or gain access to the production key, which can only be obtained by having in one's possession the so-called Batch card which belongs to this particular "batch".

This ensures that only the holder of the Batch card can personalize cards, and that the batch card holder can only personalize cards belonging to the "batch" in question.

Re 2. Personalization
When the production key is presented to the chip card, it is possible to input information into the memory. Information can e.g. be secret keys, DES identification, the names of the card holder and the card issuer, etc. When this phase is over, the card enters its active phase.

Re 3. Active
In this phase, the card is used by a user for encryption and decryption and for generating temporary keys. The card can be used until one of three situations appears:
a) The card is invalidated by an end-of-life instruction.
b) One of the control zones of the card is full. The card contains three special zones: production key control zone, application key control zone and PIN control zone. In the first two zones a bit is placed when an error has been made when presenting a key. In the last zone a bit is placed each time a check is made of the PIN code. If the last zone runs full, the card enters the end-of-life phase. This will happen after a maximum of 6000 presentations of the PIN code. The contents of this zone are reduced when user information and service keys are input into the card.
c) Three consecutive incorrect PIN code inputs cause the card to be locked. The card can be opened again by rehabilitation.

Re 4. End of life
In this phase, the card cannot be used. The card can be rehabilitated if an incorrect PIN code has been used.

Re 5. Rehabilitation
The card can be rehabilitated if the card holder still remembers the correct PIN code, otherwise not. Rehabilitation should be made by the card issuer and card holder jointly. In order to rehabilitate a chip card, a card is used which is specially designed for this purpose, viz. the rehabilitation card.

The design of the chip card provides a possibility of storing keys protected by a PIN code, possibly encrypted, and of dedicated use of the keys (e.g. only decryption). At the same time the inputting of information and keys into a chip card depends on whether one has access to both the Root card and the Batch card, i.e. only specific persons have access to input keys/information.

Administration of keys

One of the largest problems in connection with a crypto system of practical use is the actual handling of keys, as the keys are the "interface" of the system towards the users and constitute the weakest link of a system.

When a user is to have a key handed out or registered, it must be possible to identify him in a satisfactory way. The key is kept on a chip card, which can be allotted a definite lifetime, and which, as mentioned above, also destroys itself when a wrong PIN code has been used three times.

The more a key is used, the greater the risk of the key becoming known. It is therefore necessary to change the key at frequent intervals. As the number of users becomes large, and arbitrary users must communicate with each other in encrypted form, the users are equipped with keys which are not used for data and file encryption, but only for exchange of the real encryption keys.

An administration is created around the security system and the handling of the keys, which
a) ensures that the used keys are kept secret,
b) ensures a possibility of being able to recreate used secret keys and provides a possibility of verifying that a certain key has been used for a specific purpose,
c) gives a simple and safe allocation of keys, and
d) prevents swindling with the allocation of chip cards by a stable and hermetic procedure.

The procedures for setting up the keys in connection with a chip card comprise:
1. Generation of keys
2. Inputting keys and desired information into chip cards
3. Distribution of cards
4. Renewal/withdrawal of cards

Re 1. Generation of keys
The keys for inputting information into the chip card are generated in such a way that they are both different and generated from random numbers. Accordingly, it is not possible to predict or guess the value of a key. In order to start the program for generating keys, a chip card must be presented (secured by a PIN code). The keys generated are stored in encrypted form in a file by means of this card.

Re 2. Inputting keys and desired information into the chip card
The data (keys and possible information) which are to be input into the cards are provided by an application from the file in which they were arranged previously. The application sees to it that this data can only be transferred from the encrypted file to a chip card by two different persons with two different chip cards, each having its own PIN code. The first card is a card which has been allotted to the card issuer and the contents of which are known exclusively by the manufacturer producing the "empty" chip cards. The second card is a card which follows the batch of cards being prepared. Accordingly, the person(s) generating the keys and the information has/have no possibility of inputting the keys and the information into the chip cards. On the other hand, the person(s) inputting the data into the chip cards has/have no possibility of learning what is being input into the cards. When the cards are being prepared, a logging to an encrypted file will be carried out. This file will be error tolerant and mirrored at an alternative physical location. The file will be secured by means of an appropriate security routine.

Re 3. Distribution of cards
Traditionally, the cards are issued to the users in batches. The card is sent separately and the PIN code is sent separately. The PIN code is sent or delivered after acceptance of receipt of the card.

Re 4. Renewal/withdrawal of cards
When a card has run out for one reason or another, it must be returned to the card issuer as far as possible. The card issuer destroys it and possibly issues a new card to replace the old card. For security reasons it is preferred that when changing cards, a new card is produced which is different in terms of the input keys from the card which has run out. If a user ceases to use the chip card, the card must be returned to the card issuer. Under all circumstances the card is blocked electronically. A possibility of blocking the card at the first presentation after the blocking can be input.

Observation of these precautions ensures that no one else can produce a chip card, that only the card issuer can input information and keys, that keys can be produced at any time for verification of the use of a card which has run out, and that the right user gets possession of the cards without any risk that they are used by unauthorized persons.

Authenticity

Authenticity is the certainty that the parties involved, transmitter/receiver, are who they pretend to be. It is ensured in various ways, depending on whether the system is
1. a symmetrical system or
2. an asymmetrical system

Re 1. Symmetrical crypto system
In order to ensure that a transmitter (A) and a receiver (B) are who they pretend to be, A sends a number in encrypted form to B, and B verifies that the number comes from A. Then B sends a combination of a part of the number which B received from A, together with a number generated by B, in encrypted form to A. A can hereafter verify that the combination has come from B, and at the same time A can check the part of the number which was generated by A. A now encrypts the number which A received from B and sends it back to B, who after verification can see that B has received the same combination as B sent to A. Below, it is outlined how a chip card can be used to ensure authenticity. When using the symmetrical crypto system a faint risk must be anticipated of a key being broken and data being read by third parties. This risk arises if a former member of the system with a thorough knowledge of the type of initial exchange of messages is in possession of a valid chip card, and if this member taps the connection between transmitter and receiver and is in possession of the used crypto program.

Such a person will be able to decrypt the documents which are exchanged, encrypted with the described key, in the transmission in question. However, it will not be possible to change the contents of the document, and a renewed deciphering will also have to be made when tapping the next document transfer, as a new key is used for this transfer.

In the system according to the invention, a chip card reader 122, 222 and 426, respectively, is connected to each computer system or each host, the computer systems 100, 200 and 400.

The two computer systems constituting transmitter and receiver, the computer systems 100 and 200, respectively, shown in FIG. 1-4, are equipped with authorized chip cards and are authorized to use these.
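The DES round structure described under Re 1 above and the three-message symmetric authentication just described, as one added Python example (it is not the patent's own software, which the page does not reproduce). The cipher keeps the DES structure the text gives (64-bit block, 16 Feistel rounds, 48-bit subkeys from a 56-bit key, an initial permutation undone at the end, and decryption by running the same rounds with the subkeys in inverse order), but its round function, key schedule and permutation are toy stand-ins, so it is neither DES nor secure. The 64-bit message layout of the exchange (a 16-bit identification plus random numbers) is an assumption, as FIG. 5 is not reproduced here; the Card class models the Sk zone as encrypt-only and the Vk zone as decrypt-only, with VkB holding the same key value as SkA and VkA the same as SkB.

```python
"""Toy DES-structured cipher plus the symmetric three-message authentication.

Added example: the round function, key schedule and initial permutation are
simple stand-ins (hashing, rotations), NOT the real DES tables, so this is
not secure.  It shows the structure the text describes and the protocol.
"""
import hashlib
import secrets

ROUNDS = 16
MASK32 = (1 << 32) - 1
MASK48 = (1 << 48) - 1
MASK56 = (1 << 56) - 1
MASK64 = (1 << 64) - 1


def derive_subkeys(key56):
    """Toy key schedule: 16 subkeys K1..K16 of 48 bits from the chosen 56-bit key."""
    k, subkeys = key56 & MASK56, []
    for _ in range(ROUNDS):
        k = ((k << 3) | (k >> 53)) & MASK56      # rotate the 56 key bits ...
        subkeys.append(k & MASK48)               # ... and keep 48 of them
    return subkeys


def round_function(r32, subkey48):
    """Stand-in for DES's f(Ri, Ki+1) (expansion, XOR, S-boxes, permutation)."""
    data = r32.to_bytes(4, "big") + subkey48.to_bytes(6, "big")
    return int.from_bytes(hashlib.sha256(data).digest()[:4], "big")


def initial_permutation(b64):
    return ((b64 << 7) | (b64 >> 57)) & MASK64   # a fixed bit permutation (rotation)


def inverse_initial_permutation(b64):
    return ((b64 >> 7) | (b64 << 57)) & MASK64   # its inverse, applied after round 16


def feistel(block64, subkeys):
    """16 iterations: L(i+1) = R(i), R(i+1) = L(i) XOR f(R(i), K(i+1))."""
    block = initial_permutation(block64 & MASK64)
    left, right = block >> 32, block & MASK32
    for k in subkeys:
        left, right = right, left ^ round_function(right, k)
    # the halves are swapped back before the inverse permutation
    return inverse_initial_permutation((right << 32) | left)


def encrypt_block(block64, key56):
    return feistel(block64, derive_subkeys(key56))


def decrypt_block(block64, key56):
    # decryption is the same algorithm with the 16 derived keys in inverse order
    return feistel(block64, derive_subkeys(key56)[::-1])


class Card:
    """Chip card with two service zones: Sk may only encrypt, Vk may only decrypt."""

    def __init__(self, ident16, sk, vk):
        if not 0 <= ident16 < (1 << 16):
            raise ValueError("identification must fit in 16 bits (assumed layout)")
        self.ident, self._sk, self._vk = ident16, sk, vk

    def encrypt_with_sk(self, block64):
        return encrypt_block(block64, self._sk)

    def decrypt_with_vk(self, block64):
        return decrypt_block(block64, self._vk)


def make_card_pair(id_a, id_b, key_ab=None, key_ba=None):
    """VkB must undo SkA and VkA must undo SkB, so each key value sits in two cards."""
    key_ab = secrets.randbits(56) if key_ab is None else key_ab   # SkA = VkB
    key_ba = secrets.randbits(56) if key_ba is None else key_ba   # SkB = VkA
    return Card(id_a, sk=key_ab, vk=key_ba), Card(id_b, sk=key_ba, vk=key_ab)


def authenticate(card_a, card_b, r1=None, r2=None):
    """Run the three-message exchange; True only if both A and B accept."""
    r1 = secrets.randbits(48) if r1 is None else r1 & MASK48
    r2 = secrets.randbits(32) if r2 is None else r2 & MASK32
    # M1 = E(SkA, IdA || R1): A sends its random number in encrypted form
    m1 = card_a.encrypt_with_sk((card_a.ident << 48) | r1)
    # B verifies that M1 comes from A: decrypting with VkB must reveal IdA
    p1 = card_b.decrypt_with_vk(m1)
    if p1 >> 48 != card_a.ident:
        return False
    r1_seen = p1 & MASK48
    # M2 = E(SkB, IdB || low 16 bits of R1 || R2): part of A's number plus B's own
    m2 = card_b.encrypt_with_sk((card_b.ident << 48) | ((r1_seen & 0xFFFF) << 32) | r2)
    # A verifies that M2 comes from B and that the returned part of R1 matches
    p2 = card_a.decrypt_with_vk(m2)
    if p2 >> 48 != card_b.ident or (p2 >> 32) & 0xFFFF != r1 & 0xFFFF:
        return False
    r2_seen = p2 & MASK32
    # M3 = E(SkA, IdA || R2 || low 16 bits of R1): A returns B's number
    m3 = card_a.encrypt_with_sk((card_a.ident << 48) | (r2_seen << 16) | (r1 & 0xFFFF))
    # B verifies that it got back exactly the combination it sent
    p3 = card_b.decrypt_with_vk(m3)
    return p3 == (card_a.ident << 48) | (r2 << 16) | (r1_seen & 0xFFFF)
```

Running `authenticate` with the pair from `make_card_pair` succeeds; a card that holds a different Sk fails at B's first check, because decrypting M1 with VkB then does not reveal IdA. The same code also illustrates the residual risk the text mentions: anyone holding the key values in the two cards can read the exchange, so the per-transfer document key must still be changed for every transmission.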
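The RSA arithmetic given under Re 2 above, carried through in Python on toy-sized primes, as an added example that is not part of the patent. It follows the text's steps exactly (n = pq, e prime to (p-1)(q-1), d with d·e = 1 modulo (p-1)(q-1), P(m) = m^e modulus n and S(x) = x^d modulus n) and also shows the combined use of the two key pairs for concealment plus authenticity, PB(SA(M)) and PA(SB(C)). The primes, exponents and messages are chosen for readability; real keys use primes of about 100 digits, and this is textbook RSA without any padding, shown as the page describes it rather than as a deployment recipe.

```python
"""RSA as described in the text, with toy-sized numbers (added example).

Primes of two or three digits keep every value readable; they give no
security, and textbook RSA without padding is shown as described only.
"""
from dataclasses import dataclass
from math import gcd


@dataclass(frozen=True)
class PublicKey:
    e: int
    n: int


@dataclass(frozen=True)
class SecretKey:
    d: int
    n: int


def is_prime(x):
    """Trial division; fine for the toy sizes used here."""
    if x < 2:
        return False
    i = 2
    while i * i <= x:
        if x % i == 0:
            return False
        i += 1
    return True


def generate_keys(p, q, e):
    """Public key (e, n) and secret key (d, n) from two secret primes and a chosen e."""
    if p == q or not (is_prime(p) and is_prime(q)):
        raise ValueError("p and q must be two different primes")
    n = p * q
    phi = (p - 1) * (q - 1)
    if gcd(e, phi) != 1:                     # e must be "prime to" (p-1)(q-1)
        raise ValueError("e must be coprime to (p-1)(q-1)")
    d = pow(e, -1, phi)                      # d*e = 1 (mod phi), so m^(d*e) = m (mod n)
    return PublicKey(e, n), SecretKey(d, n)


def transform(key, x):
    """P(m) = m^e mod n for a public key, S(x) = x^d mod n for a secret key."""
    if not 0 <= x < key.n:
        raise ValueError("a block must be a number below n")
    exponent = key.e if isinstance(key, PublicKey) else key.d
    return pow(x, exponent, key.n)


def encrypt(pk, m):          # concealment: anyone holding B's public key ...
    return transform(pk, m)


def decrypt(sk, c):          # ... but only B, holding d, gets m back
    return transform(sk, c)


def sign(sk, m):             # authenticity: only A can compute SA(M)
    return transform(sk, m)


def verify(pk, s):           # anyone can undo it with PA
    return transform(pk, s)


def sign_then_encrypt(sk_a, pk_b, m):
    """PB(SA(M)) = C: B is sure the message comes from A and only B can read it.

    SA(M) is a number below nA which must also be a valid block below nB,
    so this simple form needs nA < nB (otherwise the signature is re-blocked).
    """
    if sk_a.n >= pk_b.n:
        raise ValueError("need nA < nB for the signature to fit into one B block")
    return encrypt(pk_b, sign(sk_a, m))


def decrypt_then_verify(sk_b, pk_a, c):
    """PA(SB(C)) = M: the only way in which M can be deduced."""
    return verify(pk_a, decrypt(sk_b, c))
```

With p = 61, q = 53 and e = 17 the key generation gives n = 3233 and d = 2753, and the block 65 encrypts to 2790; the test below also checks that a non-coprime e and an oversized signature are rejected rather than silently producing a wrong block.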
Each card 124 and 224 has two service zones for this purpose:

A service zone with a "Verification key" (Vk) which is used to verify that the encryption which the opposite party has used is correct.

A service zone with a "Signature key" (Sk) which is used for encryption of the communication.

Vk can only be used for decryption and Sk can only be used for encryption.

In the procedure shown in FIG. 5, the following abbreviations are used:
VkA: Verification key for A or the computer system 100
SkA: Signature key for A or the computer system 100
VkB: Verification key for B or the computer system 200
SkB: Signature key for B or the computer system 200
E: Encryption
D: Decryption
R1, R2, R3: Random numbers
M1, M2, M3: Transferred messages
IdA: The publicly known identification for A or the computer system 100
IdB: The publicly known identification for B or the computer system 200
The procedure appears from FIG. 5.

Re 2. Asymmetrical crypto system
The authenticity verification described above with reference to FIG. 5 is solely based on the application of an encryption system based on DES, but for the sake of completeness, the asymmetrical system is briefly described below.

If A or the computer system 100 is to send a clear text M, which is to be kept secret when being transmitted, to B or the computer system 200, A uses B's public key PB, which B has made public to everyone, and sends

PB(M) = C

Only B can decrypt, as only B knows his private key, and SB(C) = M.

If A is to send a clear text X to B in encrypted form in such a way that B can check that the message comes from A, A sends

SA(X) = Y

B then tries with A's public key PA and finds

PA(Y) = X

If X is meaningful, then SA must have been used, as only A can encrypt in such a way that PA can decrypt into anything meaningful. It should be noted that authenticity is only ensured the first time the message X is signed. In practice, therefore, such a message must be unique, e.g. by indicating the time of the day.

Both properties can be obtained in the following way:

If A wishes to send M to B so that B is sure that the message comes from A, at the same time ensuring that only B of all people can decrypt the message, A sends

PB(SA(M)) = C

The only way in which M can be deduced is as follows:

PA(SB(C)) = M

Integrity

The integrity ensures that data is not changed during or after a concluded transmission. This is ensured by calculating the transmitter's (A) signature and the receiver's (B) signature, adding these to the document and having both A and B verify these signatures. With the DES algorithm, signatures are produced which can be encrypted and verified by means of a chip card:

In the system according to the invention, a chip card reader is connected to each computer system or each host. The two computer systems constituting transmitter and receiver, 100 and 200 respectively, shown in FIG. 1-4, are equipped with authorized chip cards and are authorized to use these.

For this purpose, each card has three service zones:

A service zone with a so-called "Verification key" (Vk), which is used for verifying the signature which the opposite party has added to the document.

A service zone with a "Signature key" (Sk) which is used to encrypt the signature.

A service zone with a "Compression key" (Ck) which is used to produce the signature (MAC).

Vk can only be used for decryption and Sk can only be used for encryption. Ck is identical in all chip cards and can be used for compacting the document to the signature.

In the procedure shown in FIG. 6, the following abbreviations are used:
VkA: Verification key for A or the computer system 100
SkA: Signature key for A or the computer system 100
MacA: The compacted document seen from A's side
EmacA: The encrypted MacA
VkB: Verification key for B or the computer system 200
SkB: Signature key for B or the computer system 200
MacB: The compacted document seen from B's side
EmacB: The encrypted MacB
Ck: Compression key
E: Encryption
D: Decryption
C: Compression
R1: Random numbers exchanged previously
M1, M2, M3: Transferred messages
IdA: The publicly known identification for A
IdB: The publicly known identification for B
The procedure appears from FIG. 6.

Integrity is ensured as both transmitter and receiver are certain that (have a possibility of checking that) the document has not been changed during or after the transmission without possible changes being unambiguously ascertainable. The function *A2 is built up in such a way that the chip card can produce a key by means of a publicly known identification, which can decrypt the encrypted MacB and thus provide a basis for checking that the Mac which is added to the document is valid, i.e. calculated on the basis of the document received by the expected transmitter. The same applies in the opposite direction to the function *B2. It is important that the Macs produced are hidden in the document, as they are the unique signatures of the parties.

Security of access to the videotex system is shown in FIG. 4.

This security is ensured by using chip cards for automatic log-on to the videotex system:
1. Automatic presentation of identification and password
2. Encryption of communication between terminal and videotex server
3. Security in the videotex server as regards the individual user's access to the individual mail boxes and the applications of the system.

Re 1. Automatic presentation of identification and password
A chip card reader 422 of the type LECAM connected to a Minitel 406 has an intelligence which has the effect that it reads a certain position on the card, searching for data for an automatized dialling. When the dialling has been made, the application which is running on the videotex system will transfer a program to the RAM storage of the chip card reader. This program will then find identification and password in the card, ask for the PIN code to be entered and communicate with the application on the videotex server. If the PIN code is stated incorrectly, the program has no possibility of collecting information from the chip card.

Re 2. Encryption of communication between terminal and videotex server
The program which is transferred to the chip card reader finds the key which is to be used for encryption by looking it up in the chip card. The videotex application looks up a table in the host or the computer system 400 and finds the corresponding key. Encryption is made on the basis of this key for the whole communication between the Minitel 406 and the host 400. It is expedient to use this encryption key to encrypt the exchange of the randomly chosen key which is used for encryption of the rest of the communication, as this has the result that a different encryption key is used for each individual communication.

Re 3. Security in the videotex server as regards the individual user's access to the individual mail boxes and the applications of the system
The access to mail boxes, data and applications in the videotex server is ensured by the "log-on" which is made on the basis of the information residing in the chip card. As the exchange of identification and password takes place in encrypted form, it will not be possible by tapping the line and the terminal to reconstruct these. In other words it will not be possible to get in contact with the mail boxes without possessing a chip card with a secret PIN code (which is only found in the card).

After access has been obtained to the videotex system, it is secured that access cannot be obtained to an underlying host computer. This is done to avoid that hackers, by an error in the videotex system, can obtain access to the operating system of the host computer.

Security when exchanging documents

The security system sees to it that documents which are built up according to the EDIFACT standard can be transferred securely between connected hosts.

It is ensured
1. that the documents can be endorsed with a signature,
2. that the documents cannot be forged,
3. that the documents can only be read by/transferred to the person authorized, and
4. that it is possible to produce unambiguous evidence in connection with a possible dispute.

Re 1. The documents can be endorsed with a signature
The transmitter goes through the document or parts thereof in order to generate an abbreviated expression of the document (e.g. a 64 bit value). This expression covers at least a serial number, date, time and all the sensitive data. This expression is encrypted by a chip card with a key which is found in the card and which cannot be read but only used for encryption or decryption in the card. The encrypted result (MAC, Message Authentication Code) is unique to this document and this transmitter, and the MAC is added to the document, whereupon it is ready for "dispatch".

Re 2. The documents cannot be forged
If changes are made in the document after the transfer is considered to be concluded, it will be possible to ascertain this, as the MACs which are included in the document can be validated, whereupon the document is accepted or considered invalid.

Re 3. The documents can only be read by/transferred to the authorized person
Both transmitter and receiver make sure that they are in contact with the right person, whereupon the document is encrypted by means of a key which is known by transmitter and receiver exclusively and which is arbitrary and only applies to this one transfer.

Re 4. Possibility of producing unambiguous evidence in connection with a possible dispute (MAC)
This is ensured by the card issuer's keeping the issued keys in a satisfactory way, so that it can be decided at any time whether there is identity between a document and the associated MACs.

EDIFACT definition

EDIFACT (Electronic Data Interchange For Administration, Commerce and Transport) is a standardised method of electronic transfer of all business related documents which have an organized structure. The standard, which is approved by ISO (International Standard Organization), is meant for exchange of documents between computer systems on both a domestic and a foreign level; the standard is therefore not dependent on language. The standard does not prescribe how the actual network communication must be carried out; it is a technically independent standard.

An EDIFACT document can be divided into certain parts or modules, which are called segments. Each segment has a specific purpose in the document in question, and the position of the segment in the message is prescribed by the standard for the document type in question. All segments are identified by a 3-letter code as prescribed by the standard. A message consists of many different segments which together contain all the information which is necessary to create the document.

A segment may e.g. look like this:

CUX+DEM:IN'

CUX is a segment head; CUX means type of currency
+ is the data element punctuation mark
DEM means German marks; the value can be anything else, arbitrarily definable as long as both transmitter and receiver agree to the meaning of the codes
: is the data component punctuation mark
IN is an abbreviation of INvoice, also arbitrarily definable
' designates the end of a segment

The contents of a segment can be divided into data elements. A data element is divided into one or more data components. In the above example with the segment CUX, only one data element is found. This data element consists of 2 data components, viz. DEM and IN.

: is the punctuation mark separating coherent data components, whereas + is the separator for the individual data elements in a segment. This technique of describing information in a document is general and is used in all EDIFACT segments.
The data which follows a given segment head is 
defined in the standard and is therefore unalterable. It is, 
however, not all data which is compulsory— quite a few 
can be omitted depending on the need. 

To a very large extent, codes are used in the individ- 
ual segments. By this is meant e.g. DEM in the above 
example which means German marks. 

Both parties to the communication (transmitter and 
receiver) must agree to the application of these, as these 
are not covered by the standard. 
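The segment structure just described (3-letter head, + between data elements, : between components, ' closing the segment) is simple enough to parse directly. The following Python parser is an added example and not code from the patent; it goes slightly beyond the page by honouring the standard EDIFACT release character ?, which lets a separator appear inside data, and it rejects an unterminated segment or a malformed head rather than silently processing a truncated document. The sample message is constructed; the codes inside the segments (DEM, IN, AAI) are exactly the kind of agreed values the page says the standard does not define, so the parser only structures them and the application must still check them against the agreed code list.

```python
from dataclasses import dataclass
from typing import List

# Separators as described in the specification text above.
DATA_ELEMENT_SEP = "+"    # separates the data elements of a segment
COMPONENT_SEP = ":"       # separates the data components of an element
SEGMENT_TERMINATOR = "'"  # designates the end of a segment
# Release (escape) character from the EDIFACT default service string advice.
# It is not mentioned on the page (an assumption of this example) but real
# messages need it so that "?+" can carry a literal "+" inside data.
RELEASE_CHAR = "?"


@dataclass
class Segment:
    tag: str                    # 3-letter segment head, e.g. CUX
    elements: List[List[str]]   # each data element is a list of components


def parse_message(text: str) -> List[Segment]:
    """Split an EDIFACT message into segments, data elements and components.

    Raises ValueError on a malformed head or an unterminated segment, so a
    receiver never processes a truncated document as if it were complete.
    """
    segments: List[Segment] = []
    elements: List[List[str]] = []   # completed elements of the current segment
    element: List[str] = [""]        # components of the element being read
    i = 0
    while i < len(text):
        ch = text[i]
        if ch == RELEASE_CHAR and i + 1 < len(text):
            element[-1] += text[i + 1]           # escaped separator is literal data
            i += 2
            continue
        if ch == COMPONENT_SEP:
            element.append("")
        elif ch == DATA_ELEMENT_SEP:
            elements.append(element)
            element = [""]
        elif ch == SEGMENT_TERMINATOR:
            elements.append(element)
            segments.append(_build_segment(elements))
            elements, element = [], [""]
        elif ch in "\r\n" and not elements and element == [""]:
            pass                                  # line breaks between segments are ignored
        else:
            element[-1] += ch
        i += 1
    if elements or element != [""]:
        raise ValueError("unterminated segment at end of message")
    return segments


def _build_segment(elements: List[List[str]]) -> Segment:
    """The first data element is the segment head and must be a 3-letter code."""
    head = elements[0]
    tag = head[0]
    if len(head) != 1 or len(tag) != 3 or not tag.isalnum() or not tag.isupper():
        raise ValueError(f"invalid segment head {head!r}")
    return Segment(tag, elements[1:])


def segment_summary(seg: Segment) -> str:
    """Human-readable view, e.g. CUX has 1 data element with 2 components."""
    return f"{seg.tag}: {len(seg.elements)} data element(s) {seg.elements}"


if __name__ == "__main__":
    # Constructed sample message containing the page's CUX segment.
    sample = "UNH+1+INVOIC:D:96A:UN'CUX+DEM:IN'FTX+AAI+++Price incl?+VAT'"
    for seg in parse_message(sample):
        print(segment_summary(seg))
```

Running the block on the page's own segment gives one data element with the two components DEM and IN, which is the decomposition the text describes.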

We claim: 

1. A method of transferring data from a first com- 
puter system to a second computer system via a data 
transmission line by use of a coherent set of electronic 
cards, wherein for said transfer 
a first station is used for outputting data from and 
inputting data into a first electronic card, said first 
station being connected to and communicating 
with said first computer system and furthermore 
being connected to said data transmission line via 
said first computer system and interfacing means, 
and 

a second station is used for outputting data from and 
inputting data into a second electronic card, said 
second station being connected to and communi- 
cating with said second computer system and fur- 
thermore being connected to said data transmission 
line via this second computer system and interfac- 
ing means, 

said first and second electronic card each comprising 
a central data processing unit, an internal storage 
means, an input/output gate for communication 
with said corresponding station as well as an en- 
cryption/decryption means and together constitut- 
ing the coherent set of electronic cards comprising 
coherent encryption and decryption keys input into 
said internal storages of said cards in such a way 
that the cards are able to communicate with each 
other and encrypt and decrypt data transferred 
from the first card to the second card and vice 
versa, said method comprising the steps of: 

transferring said data to said first electronic card from 
said first computer system via said first station and 
said input/output gate of said first electronic card, 
and inputting and temporarily storing said data in 
said internal storage of said first electronic card, 

outputting said data from said internal storage of said 
first electronic card and encrypting said data in said 
first electronic card by means of said encryption/- 
decryption means of said first electronic card and 
said encryption key(s) stored in said internal stor- 
age of said first electronic card, 

outputting said data from said first electronic card in 
encrypted form via said input/output gate of said 
first electronic card and transferring said encrypted 
data via said first station to said first computer 
system and therefrom via said interfacing means of 
said first computer system to said data transmission 
line, 

receiving said data by said second computer system in 
encrypted form via said interfacing means of said 
second computer system, transferring said en- 
crypted data to said second electronic card via said 
second station and via said input/output gate of 
said second electronic card, and inputting and tem- 
porarily storing said data in said internal storage of 
said second electronic card, 
outputting said data from said internal storage of said 
second electronic card in encrypted form and decrypting 
said data in said second electronic card by means of said 
encryption/decryption means of said second electronic 
card and said decryption key(s) stored in said internal 
storage of said second electronic card, and 
outputting said data from said second electronic card 
in encrypted form via said input/output gate of said 
second electronic card and via said second station 
to said second computer system. 

2. A method according to claim 1, further comprising 
the steps of making a verification of the authenticity of 
said first electronic card relative to said second electronic 
card and vice versa prior to said transfer of said 
data from said first computer system to said second 
computer system. 

3. A method according to claim 1, further comprising 
the step of making a verification of the integrity of said 
data at said transfer of said data from said first computer 
system to said second computer system. 

4. A method according to claim 1, wherein said input- 
ting into, said outputting from, said encryption and said 
decryption and possibly said authenticity and integrity 
verification is controlled autonomously by said central 
data processing unit of said individual card. 

5. A method according to claim 4, wherein said trans- 
fer of said data is made in accordance with the LECAM 
protocol. 

6. A method according to claim 2, said authenticity 
verification comprising the steps of: 
generating a first set of data in said first electronic 
card, inputting and storing said first set of data in 
said internal storage of said first electronic card, 
and encrypting said first set of data in said first 
electronic card by means of said encryption/de- 
cryption means of said first electronic card and said 
encryption key(s) stored in said internal storage of 
said first electronic card, 
outputting said first set of data from said first electronic 
card in encrypted form via said input/output 
gate of said first electronic card, transferring said 
first set of data via said first station to said first 
computer system and therefrom via said interfacing 
means of said first computer system to said data 
transmission line, 
receiving said first set of data by said second com- 
puter system in encrypted form via said interfacing 
means of said second computer system, transferring 
said encrypted first set of data to said second electronic 
card via said second station and via said 
input/output gate of said second electronic card, 
and inputting and temporarily storing said en- 
crypted first set of data in said internal storage of 
said second electronic card, 

outputting said first set of data received by said sec- 
ond computer system in encrypted form from said 
internal storage of said second electronic card, and 
decrypting said encrypted first set of data in said 
second electronic card by means of said encryption/decryption 
means of said second electronic 
card and said decryption key(s) stored in said inter- 
nal storage of said second electronic card, 
inputting and storing, in said internal storage of said 
second electronic card, said first set of data received 
by said second computer system in encrypted form 
and decrypted in said second electronic card, 
generating a second set of data in said second electronic 
card, and inputting and storing said second 
set of data in said internal storage of said second 
electronic card, 

generating, in said second electronic card, a first 
combination of said first set of data received by said 
second computer system in encrypted form, de- 
crypted and stored in said internal storage of said 
second electronic card and said second set of data 
stored in said internal storage of said second electronic 
card, and inputting and storing said first 
combination in said internal storage of said second 
electronic card, 

encrypting said first combination in said second elec- 
tronic card by means of said encryption/decryp- 
tion means of said second electronic card and said 
encryption key(s) stored in said internal storage of 
said second electronic card, 

outputting said first combination from said second 
electronic card in encrypted form via said input- 
/output gate of said second electronic card, and 
transferring said encrypted first combination via 
said second station to said second computer system 
and therefrom via said interfacing means of said 
second computer system to said data transmission 
line, 

receiving said first combination by said first computer 
system in encrypted form via said interfacing 
means of said first computer system, transferring 
said encrypted first combination to said first elec- 
tronic card via said first station and via said input- 
/output gate of said first electronic card, and input- 
ting and temporarily storing said encrypted first 
combination in said internal storage of said first 
electronic card, 

outputting, from said internal storage of said first 
electronic card, said first combination received by 
said first computer system in encrypted form, and 
decrypting said encrypted first combination in said 
first electronic card by means of encryption/de- 
cryption means of said first electronic card and said 
decryption key(s) stored in said internal storage of 
said first electronic card, 

inputting and storing, in said internal storage of said 
first electronic card, said first combination re- 
ceived by said first computer system in encrypted 
form and decrypted in said first electronic card, 

decombining said first combination stored in said 
internal storage of said first electronic card for 
producing a first set of data retransmitted to said 
first electronic card and a second set of data trans- 
ferred to said first electronic card, 

inputting and storing, in said internal storage of said 
first electronic card, said first set of data retransmitted 
to said first electronic card and said second set 
of data transferred to said first electronic card, 

comparing said first set of data stored in said internal 
storage of said first electronic card to said first set 
of data retransmitted to said first electronic card 
and stored in said internal storage of said first elec- 
tronic card for verification of identity between 
these sets of data for verification of the authenticity 
of said second electronic card relative to said first 
electronic card, 

generating a third set of data in said first electronic 
card, inputting and storing said third set of data in 
said internal storage of said first electronic card, 
generating, in said first electronic card, a second 
combination of said second set of data received in 
encrypted form by said first computer system, de- 
crypted and stored in said internal storage of said 
first electronic card and said third set of data stored 
in said internal storage of said first electronic card, 
and inputting and storing said second combination 
in said internal storage of said first electronic card, 

encrypting said second combination in said first elec- 
tronic card by means of said encryption/decryp- 
tion means of said first electronic card and said 
encryption key(s) stored in said internal storage of 
said first electronic card, 

outputting said second combination from said first 
electronic card in encrypted form via said input- 
/output gate of said first electronic card, and trans- 
ferring said second combination via said first sta- 
tion to said first computer system and therefrom 
via said interfacing means of said first computer 
system to said data transmission line, 

receiving said second combination by said second 
computer system in encrypted form via said inter- 
facing means of said second computer system, 
transferring said encrypted second combination to 
said second electronic card via said second station 
and via said input/output gate of said second elec- 
tronic card, and inputting and temporarily storing 
said encrypted second combination in said internal 
storage of said second electronic card, 

outputting, from said internal storage of said second 
electronic card, said second combination received 
by said second computer system in encrypted form, 
and decrypting said encrypted second combination 
in said second electronic card by means of said 
encryption/decryption means of said second elec- 
tronic card and said decryption key(s) stored in 
said internal storage of said second electronic card, 

inputting and storing, in said internal storage of said 
second electronic card, said second combination 
received by said second computer system in en- 
crypted form and decrypted, 

decombining said second combination stored in said 
internal storage of said second electronic card for 
producing a second set of data retransmitted to said 
second electronic card and a third set of data trans- 
ferred to said second electronic card, 

inputting and storing, in said internal storage of said 
second electronic card, said second set of data 
retransmitted to said second electronic card and 
said third set of data transferred to said second 
electronic card, and 

comparing said second set of data stored in said inter- 
nal storage of said second electronic card to said 
second set of data retransmitted to said second 
electronic card and stored in said internal storage 
of said second electronic card for verification of 
identity between these sets of data for verification 
of the authenticity of said first electronic card rela- 
tive to said second electronic card. 

7. A method according to claim 3, said integrity veri- 
fication comprising the steps of: 

generating a compacted version of said data in said 
first computer system or said first electronic card, 
and inputting and storing said compacted version 
in said internal storage of said first electronic card, 

generating, in said second computer system or in said 
second electronic card, a compacted version of 
said data transferred to said second computer system, 
and inputting and storing said compacted 
version in said internal storage of said second elec- 
tronic card, 

outputting, from said internal storage of said first 
electronic card, said compacted data version stored 
in said internal storage of said first electronic card, 
and encrypting said compacted data version in said 
first electronic card by means of said encryption/- 
decryption means of said first electronic card and 
said encryption key(s) stored in said internal stor- 
age of said first electronic card, 

outputting, from said first electronic card via said 
input/output gate of said first electronic card, said 
compacted data version encrypted by said encryp- 
tion/decryption means of said first electronic card, 
and transferring said encrypted and compacted 
data version via said first station to said first com- 
puter system and therefrom via said interfacing 
means of said first computer system to said data 
transmission line, 

receiving, by said second computer system via said 
interfacing means of said second computer system, 
said encrypted and compacted data version trans- 
ferred from said first computer system, transferring 
said encrypted and compacted data version to said 
second electronic card via said second station and 
via said input/output gate of said second electronic 
card, and inputting and temporarily storing said 
encrypted and compacted data version in said in- 
ternal storage of said second electronic card, 

outputting, from said internal storage of said second 
electronic card, said compacted data version re- 
ceived by said second computer system in en- 
crypted form, and decrypting said compacted data 
version in said second electronic card by means of 
said encryption/decryption means of said second 
electronic card and said decryption key(s) stored in 
said internal storage of said second electronic card, 

inputting and storing, in said internal storage of said 
second electronic card, said decrypted, compacted 
data version received by said second computer 
system in encrypted form and decrypted by said 
second electronic card, and 

comparing, in said second electronic card for verification 
of the integrity of or identity between said 
data transferred from said first computer system 
and said data received by said second computer 
system, said compacted data version stored in said 
second electronic card to said decrypted, com- 
pacted data version received by said second com- 
puter system in encrypted form and decrypted in 
said second electronic card. 

8. A method according to claim 3, said integrity veri- 
fication comprising the steps of: 

generating a compacted version of said data in said 
first computer system or in said first electronic 
card, and inputting and storing said compacted 
version in said internal storage of said first elec- 
tronic card, 

generating, in said second computer system or in said 
second electronic card, a compacted version of 
said data transferred to said second computer sys- 
tem, and inputting and storing said compacted 
version in said internal storage of said second elec- 
tronic card, 

outputting, from said internal storage of said second 
electronic card, said compacted version stored in 
said internal storage of said second electronic card, 
and encrypting said compacted version in said 
second electronic card by means of said encryp- 
tion/decryption means of said second electronic 
card and said encryption key(s) stored in said inter- 
nal storage of said second electronic card, 

outputting, from said second electronic card via said 
input/output gate of said second electronic card, 
said compacted data version encrypted by said 
encryption/decryption means of said second elec- 
tronic card, and transferring said encrypted and 
compacted data version via said second station to 
said second computer system and therefrom via 
said interfacing means of said second computer 
system to said data transmission line, 

receiving, by said first computer system via said inter- 
facing means of said first computer system, said 
encrypted and compacted data version transferred 
from said second computer system, transferring 
said encrypted and compacted data version to said 
first electronic card via said first station and via 
said input/output gate of said first electronic card, 
and inputting and temporarily storing said en- 
crypted and compacted data version in said inter- 
nal storage of said first electronic card, 

outputting, from said internal storage of said first 
electronic card, said compacted data version re- 
ceived by said first computer system in encrypted 
form, and decrypting said encrypted and com- 
pacted data version in said first electronic card by 
means of said encryption/decryption means of said 
first electronic card and said decryption key(s) 
stored in said internal storage of said first electronic 
card, 

inputting and storing, in said internal storage of said 
first electronic card, said decrypted, compacted 
data version received by said first computer system 
in encrypted form and decrypted by said first elec- 
tronic card, and 

comparing, in said first electronic card for verifica- 
tion of the integrity of or identity between said data 
transferred from said first computer system and 
said data received by said second computer system, 
said compacted data version stored in said first 
electronic card to said decrypted, compacted data 
version received by said first computer system in 
encrypted form and decrypted in said first elec- 
tronic card. 

9. A method according to claim 7, wherein said trans- 
fer of said compacted data version generated in said first 
computer system or in said first electronic card from 
said first electronic card to said second electronic card 
is made simultaneously with said transfer of said data 
itself, and said data and said compacted data version are 
combined and encrypted as a whole before said transfer. 
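Claims 6, 7 and 9 together describe two exchanges between the coherent pair of cards: a three-pass mutual authentication in which each card echoes the other's random "set of data" inside an encrypted combination, and a document transfer in which the data and its compacted version are combined, encrypted as a whole, and checked by the receiving card; claim 31 restates the authentication steps with the random numbers named explicitly. The Python below is an added example, not code from the patent, and models only what crosses the line and what each card keeps in its internal storage. It assumes the symmetric coherent-key model of claims 1 and 6 (not the signature/verification key variant of claims 15 and 31), replaces the card's DES cipher with an HMAC-SHA256 keystream under a per-message random value as a stand-in, and models the compacted version of claim 27 as an 8-byte keyed digest under the common compression key. All key material and the EDIFACT fragment are constructed.

```python
import hashlib
import hmac
import secrets
from typing import Dict, Tuple

IV_LEN = 16      # per-message random value prefixed to each ciphertext (assumption)
SET_LEN = 8      # length of each "set of data" (random challenge) in bytes
COMPACT_LEN = 8  # "compacted version" length: 64 bits, as in the description


def _keystream(key: bytes, iv: bytes, length: int) -> bytes:
    """PRF-based keystream; stand-in for the card's DES block cipher."""
    out, counter = b"", 0
    while len(out) < length:
        out += hmac.new(key, iv + counter.to_bytes(4, "big"), hashlib.sha256).digest()
        counter += 1
    return out[:length]


class Card:
    """One electronic card of a coherent pair. Keys never leave the object;
    everything returned through encrypt() is what the station puts on the line."""

    def __init__(self, link_key: bytes, compression_key: bytes):
        self._link_key = link_key                # coherent encryption/decryption key
        self._compression_key = compression_key  # common compression key (claim 27)
        self.storage: Dict[str, bytes] = {}      # the card's internal storage

    def encrypt(self, plaintext: bytes) -> bytes:
        iv = secrets.token_bytes(IV_LEN)
        ks = _keystream(self._link_key, iv, len(plaintext))
        return iv + bytes(p ^ k for p, k in zip(plaintext, ks))

    def decrypt(self, blob: bytes) -> bytes:
        iv, ct = blob[:IV_LEN], blob[IV_LEN:]
        ks = _keystream(self._link_key, iv, len(ct))
        return bytes(c ^ k for c, k in zip(ct, ks))

    def compact(self, data: bytes) -> bytes:
        """Compacted version of the data under the common compression key."""
        return hmac.new(self._compression_key, data, hashlib.sha256).digest()[:COMPACT_LEN]


def mutual_authenticate(first: Card, second: Card) -> bool:
    """Three-pass exchange of claim 6. True only if each card proved knowledge
    of the coherent key by returning the other card's random set intact."""
    first.storage["set1"] = secrets.token_bytes(SET_LEN)          # first set of data
    msg1 = first.encrypt(first.storage["set1"])                    # first authenticity message
    second.storage["set1"] = second.decrypt(msg1)
    second.storage["set2"] = secrets.token_bytes(SET_LEN)         # second set of data
    msg2 = second.encrypt(second.storage["set1"] + second.storage["set2"])  # first combination
    combo1 = first.decrypt(msg2)
    set1_back, first.storage["set2"] = combo1[:SET_LEN], combo1[SET_LEN:]  # decombine
    if not hmac.compare_digest(set1_back, first.storage["set1"]):
        return False                                               # second card not authentic
    first.storage["set3"] = secrets.token_bytes(SET_LEN)          # third set of data
    msg3 = first.encrypt(first.storage["set2"] + first.storage["set3"])   # second combination
    combo2 = second.decrypt(msg3)
    set2_back, second.storage["set3"] = combo2[:SET_LEN], combo2[SET_LEN:]
    return hmac.compare_digest(set2_back, second.storage["set2"])  # first card authentic?


def send_with_integrity(first: Card, data: bytes) -> bytes:
    """Claim 9: data and its compacted version combined and encrypted as a whole."""
    first.storage["compacted"] = first.compact(data)
    return first.encrypt(data + first.storage["compacted"])


def receive_with_integrity(second: Card, blob: bytes) -> Tuple[bytes, bool]:
    """Claim 7: decrypt, recompute the compacted version over the data that
    arrived, and compare it with the transmitted one. False means altered."""
    plain = second.decrypt(blob)
    data, received_compact = plain[:-COMPACT_LEN], plain[-COMPACT_LEN:]
    second.storage["compacted"] = second.compact(data)
    return data, hmac.compare_digest(second.storage["compacted"], received_compact)


def make_coherent_pair() -> Tuple[Card, Card]:
    """Two cards personalised with the same keys, i.e. a coherent set of cards."""
    link_key, compression_key = secrets.token_bytes(16), secrets.token_bytes(16)
    return Card(link_key, compression_key), Card(link_key, compression_key)


def flip_bit(blob: bytes, index: int) -> bytes:
    """Simulate a transmission error or alteration of the ciphertext on the line."""
    altered = bytearray(blob)
    altered[index] ^= 0x01
    return bytes(altered)


if __name__ == "__main__":
    a, b = make_coherent_pair()
    print("coherent pair authenticates:", mutual_authenticate(a, b))
    blob = send_with_integrity(a, b"UNH+1+INVOIC:D:96A:UN'CUX+DEM:IN'")  # constructed fragment
    print("intact transfer verified:", receive_with_integrity(b, blob)[1])
    print("altered transfer verified:", receive_with_integrity(b, flip_bit(blob, IV_LEN + 4))[1])
```

Two points worth noticing when running it: a card holding a different key fails at the first comparison and never learns the second card's set, and any change to the ciphertext, whether in the data portion or in the trailing compacted version, makes the receiving card's comparison fail, which is exactly the evidence the description says the receiver must be able to produce.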

10. A method according to claim 8, wherein said 
transfer of said compacted data version generated in 
said second computer system or in said second elec- 
tronic card from said second electronic card to said first 
electronic card is made simultaneously with a retrans- 
mission of said data received from said first electronic 
card from said second electronic card to said first elec- 
tronic card, and said data to be retransmitted and said 
compacted data version are combined and encrypted as 
a whole before said transfer. 

11. A method according to claim 8, wherein 

said transfer of said compacted data version gener- 
ated in said second computer system or in said 
second electronic card from said second electronic 
card to said first electronic card is made simultaneously 
with a retransmission of said compacted 
data version received by said second electronic 
card from said second electronic card to said first 
electronic card, 

said transfer and retransmission of compacted data 
versions are made simultaneously with a retrans- 
mission of said data received by said second elec- 
tronic card from said second electronic card to said 
first electronic card, and 

said data to be retransmitted and both compacted 
data versions are combined and encrypted as a 
whole before said transfer. 

12. A system for said transfer of data from a first 
computer system to a second computer system, which 
second computer system is autonomous in relation to 
said first computer system via a data transmission line, 
according to the method of claim 1, said system com- 
prising a first station and a second station, which are 
connected to and communicate with said first and said 
second computer system, respectively, and which fur- 
thermore via said first and said second computer sys- 
tem, respectively, and corresponding interfacing means 
are connected to said data transmission line, as well as a 
first and a second electronic card, which constitute a 
coherent set of cards comprising coherent encryption/- 
decryption keys input into said internal storages of said 
cards in such a way that the cards are able to communi- 
cate with each other and encrypt and decrypt data 
transferred from the first card to the second card and 
vice versa. 

13. A system according to claim 12, said first and said 
second electronic card being of the type DES Smart 
Card (Philips), Super Smart Card (Bull) or CPS Smart 
Card (Bull). 

14. A method according to claim 2, further compris- 
ing the step of making a verification of the integrity of 
said data at said transfer of said data from said first 
computer system to said second computer system. 

15. A method according to claim 6, wherein

the encryption key used for encrypting the first set of data and the second combination is made by use of a first signature key stored in the first electronic card,

the decryption key used for decrypting the encrypted form of the first set of data and the encrypted form of the second combination is made by use of a second verification key stored in the second electronic card and a publicly known identification of the first electronic card,

the encryption key used for encrypting the first combination is made by use of a second signature key stored in the second electronic card, and

the decryption key used for decrypting the encrypted form of the first combination is made by use of a first verification key stored in the first electronic card and a publicly known identification of the second electronic card.

16. A method according to claim 1, wherein the encryption and decryption keys used for encrypting and decrypting the transferred data are generated from a first set of data generated in an authenticity verification which is made prior to the transfer of the data as described in claim 6.

17. A method according to claim 16, wherein the authenticity verification further comprises the method of claim 16.

18. A method according to claim 7, wherein the integrity verification further comprises the steps of:

outputting, from said internal storage of said second electronic card, said compacted version stored in said internal storage of said second electronic card, and encrypting said compacted version in said second electronic card by means of said encryption/decryption means of said second electronic card and said encryption key(s) stored in said internal storage of said second electronic card,

outputting, from said second electronic card via said input/output gate of said second electronic card, said compacted data version encrypted by said encryption/decryption means of said second electronic card, and transferring said encrypted and compacted data version via said second station to said second computer system and therefrom via said interfacing means of said second computer system to said data transmission line,

receiving, by said first computer system via said interfacing means of said first computer system, said encrypted and compacted data version transferred from said second computer system, transferring said encrypted and compacted data version to said first electronic card via said first station and via said input/output gate of said first electronic card, and inputting and temporarily storing said encrypted and compacted data version in said internal storage of said first electronic card,

outputting, from said internal storage of said first electronic card, said compacted data version received by said first computer system in encrypted form, and decrypting said encrypted and compacted data version in said first electronic card by means of said encryption/decryption means of said first electronic card and said decryption key(s) stored in said internal storage of said first electronic card,

inputting and storing, in said internal storage of said first electronic card, said decrypted, compacted data version received by said first computer system in encrypted form and decrypted by said first electronic card, and

comparing, in said first electronic card for verification of the integrity of or identity between said data transferred from said first computer system and said data received by said second computer system, said compacted data version stored in said first electronic card to said decrypted, compacted data version received by said first computer system in encrypted form and decrypted in said first electronic card.

19. A method according to claim 9, wherein the compacted data is generated by use of a common compression key prestored in the electronic cards.



20. A method according to claim 9, wherein 

the compacted data version is encrypted by use of a 
first signature key, which is stored in the first elec- 
tronic card, before being combined with the data 
and further encrypted as a whole, and 

the encrypted compacted data version is decrypted 
by use of a second verification key stored in the 
second electronic card and a publicly known iden- 
tification of the first electronic card after the com- 
bination of the data and the compacted data ver- 
sion has been transferred and decrypted as a whole. 

21. A method according to claim 9, wherein the en- 
cryption and decryption keys used for encrypting and 
decrypting the combination of the data and the compacted 
data version are generated from a first set of data 
generated in an authenticity verification which is made 
prior to the transfer of the data as described in claim 6. 

22. A method according to claim 21, wherein the 
authenticity verification further comprises the method 
of claim 15. 

23. A method according to claim 10, wherein the 
compacted data is generated by use of a common com- 
pression key prestored in the electronic cards. 

24. A method according to claim 10, wherein 
the compacted data version is encrypted by use of a 

second signature key, which is stored in the second 
electronic card, before being combined with the 
data to be retransmitted and further encrypted as a 
whole, and 

the encrypted compacted data is decrypted by use of 
a first verification key stored in the first electronic 
card and a publicly known identification of the 
second electronic card after the combination of the 
data to be retransmitted and the compacted data 
version has been transferred and decrypted as a 
whole. 

25. A method according to claim 10, wherein the 
encryption and decryption keys used for encrypting and 
decrypting the combination of the data to be retransmit- 
ted and the compacted data version are generated from 
a first set of data generated in an authenticity verifica- 
tion which is made prior to the transfer of the data as 
described in claim 6. 

26. A method according to claim 25, wherein the 
authenticity verification further comprises the method 
of claim 15. 

27. A method according to claim 7, wherein the com- 
pacted data is generated by use of a common compres- 
sion key prestored in the electronic cards. 

28. A method according to claim 8, wherein the com- 
pacted data is generated by use of a common compres- 
sion key prestored in the electronic cards. 

29. A method according to claim 18, wherein 
said transfer of said compacted data version gener- 
ated in said first computer system or in said first 
electronic card from said first electronic card to 
said second electronic card being made simulta- 
neously with said transfer of said data itself, said 
data and said compacted data version being com- 
bined and encrypted as a whole before said trans- 
fer, 

said transfer of said compacted data version gener- 
ated in said second computer system or in said 
second electronic card from said second electronic 
card to said first electronic card being made simultaneously 
with a retransmission of said compacted 
data version received by said second electronic 
card from said second electronic card to said first 
electronic card, said transfer and retransmission of 
said compacted data versions also being made si- 
multaneously with a retransmission of said data 
received by said second electronic card from said 
second electronic card to said first electronic card, 
said data to be retransmitted and both compacted 
data versions being combined and encrypted as a 
whole before said transfer. 

30. A method according to claim 29, wherein the 
compacted data is generated by use of a common com- 
pression key prestored in the electronic cards. 

31. A method according to claim 2, wherein 
the encryption key(s) stored in the internal storage of 
the first electronic card include(s) a first encryption 
key made by use of a first signature key stored in 
the first electronic card, 
the decryption key(s) stored in the internal storage of 
the second electronic card include(s) a second decryption 
key made by use of a second verification 
key stored in the second electronic card and a 
publicly known identification of the first electronic 
10 card, 

the encryption key(s) stored in the internal storage of 
the second electronic card include(s) a second en- 
cryption key made by use of a second signature key 
stored in the second electronic card, 
15 the decryption key(s) stored in the internal storage of 
the first electronic card include(s) a first decryption 
key made by use of a first verification key stored in 
the first electronic card and a publicly known iden- 
tification of the second electronic card, and 
the authenticity verification comprises the steps of: 

a) generating a first random number in the trans- 
mitter, 

b) encrypting the first random number by use of the 
first encryption key to obtain a first authenticity 
message within the first electronic card, 

c) transmitting the first authenticity message to the 
second electronic card, 

d) decrypting the first authenticity message within 
the second electronic card by use of the second 
decryption key to obtain the first random num- 
ber within the second electronic card, 

e) generating a second random number in the re- 
ceiver, 

f) combining the received first random number 
with the second random number to obtain a first 
combination within the second electronic card, 

g) encrypting the first combination by use of the 
second encryption key to obtain a second au- 

40 thenticity message within the second electronic 

card, 

h) transmitting the second authenticity message to 
the first electronic card, 

i) decrypting the second authenticity message 
45 within the first electronic card by use of the first 

decryption key to obtain the first combination 
within the first electronic card, 
j) separating the received first combination within 
the first electronic card, 
50 k) comparing the value of the first random number 
generated in the transmitter with the value of the 
first random number received from the second 
electronic card and stored in the first electronic 
card, and in case the two values are equal verify- 
55 ing the authenticity of the identity of the second 

electronic card, 
1) generating a third random number within the 
transmitter, 

m) combining the received second random number 
60 with the third random number to obtain a second 

combination within the first electronic card, 
n) encrypting the second combination by use of the 
first encryption key to obtain a third authenticity . 
message within the first electronic card, 
65 o) transmitting the third authenticity message to 
the second electronic card, 
p) decrypting the third authenticity message within 
the second electronic card by use of the second 
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decryption key to obtain the second combination 
within the second electronic card, 
q) separating the received second combination 

within the second electronic card, 
r) comparing the value of the second random num- 5 
ber generated in the receiver with the value of 
the second random number received from the 
first electronic card and stored in the second 
electronic card, and in case the two values are 
equal verifying the authenticity of the identity of 10 
the first electronic card. 
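The three-message exchange of claim 31, steps a) to r), written out as an added simulation that is not part of the patent: both cards are modelled in one process, the "first encryption key / second decryption key" pairs are assumed to be shared symmetric secrets, and the card cipher is replaced by a toy SHA-256 keystream so the walk-through runs offline.

```python
import hashlib
import hmac
import os

N = 16  # byte length of each random number (constructed choice)


def keystream_cipher(key: bytes, data: bytes) -> bytes:
    """Toy stand-in for the card's cipher: XOR with a SHA-256 keystream.
    Not a secure cipher; it only gives encrypt/decrypt pairs for the walk-through."""
    stream = b""
    counter = 0
    while len(stream) < len(data):
        stream += hashlib.sha256(key + counter.to_bytes(4, "big")).digest()
        counter += 1
    return bytes(a ^ b for a, b in zip(data, stream))


class Card:
    """Simulated electronic card; its internal storage holds its own encryption key
    and the decryption key matching the counterpart card (constructed model)."""

    def __init__(self, name: str, enc_key: bytes, dec_key: bytes):
        self.name, self.enc_key, self.dec_key = name, enc_key, dec_key

    def encrypt(self, data: bytes) -> bytes:
        return keystream_cipher(self.enc_key, data)

    def decrypt(self, data: bytes) -> bytes:
        return keystream_cipher(self.dec_key, data)


def mutual_authenticate(first: Card, second: Card, rng=os.urandom):
    """Run steps a) to r) of claim 31. Returns (first_verified_second,
    second_verified_first); a failed comparison means the peer lacked the right key."""
    r1 = rng(N)                                   # a) first random number
    m1 = first.encrypt(r1)                        # b) first authenticity message
    r1_at_second = second.decrypt(m1)             # c), d) sent and decrypted
    r2 = rng(N)                                   # e) second random number
    m2 = second.encrypt(r1_at_second + r2)        # f), g) first combination encrypted
    comb1 = first.decrypt(m2)                     # h), i) sent and decrypted
    r1_back, r2_at_first = comb1[:N], comb1[N:]   # j) separate the combination
    first_ok = hmac.compare_digest(r1, r1_back)   # k) first card verifies second
    r3 = rng(N)                                   # l) third random number
    m3 = first.encrypt(r2_at_first + r3)          # m), n) second combination encrypted
    comb2 = second.decrypt(m3)                    # o), p) sent and decrypted
    r2_back = comb2[:N]                           # q) separate the combination
    second_ok = hmac.compare_digest(r2, r2_back)  # r) second card verifies first
    return first_ok, second_ok
```

A card that does not hold the expected encryption key produces a second authenticity message the first card cannot decrypt to the original random number, so step k) fails and, because the garbled second random number is echoed back, step r) fails as well.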
32. A method according to claim 3, wherein

the encryption key(s) stored in the internal storage of the first electronic card include(s) a first encryption key made by use of a first signature key stored in the first electronic card,

the decryption key(s) stored in the internal storage of the second electronic card include(s) a second decryption key made by use of a second verification key stored in the second electronic card and a publicly known identification of the first electronic card,

the encryption key(s) stored in the internal storage of the second electronic card include(s) a second encryption key made by use of a second signature key stored in the second electronic card,

the decryption key(s) stored in the internal storage of the first electronic card include(s) a first decryption key made by use of a first verification key stored in the first electronic card and a publicly known identification of the second electronic card,

a common compression key is stored in the internal storage of the first electronic card and in the internal storage of the second electronic card,

the encryption key(s) stored in the internal storage of the first electronic card and in the internal storage of the second electronic card include(s) a random encryption key made by use of a previously exchanged random number,

the decryption key(s) stored in the internal storage of the second electronic card and in the internal storage of the second electronic card include(s) a random decryption key made by use of a previously exchanged random number, and

the integrity verification comprises the steps of:

a) generating a first compacted document of the data within the transmitter by use of the common compression key,

b) encrypting the first compacted document by use of the first encryption key to obtain an encrypted first compacted document within the first electronic card,

c) combining the data and the encrypted first compacted document to a first combination and encrypting this first combination by use of the random encryption key to obtain a first integrity message within the first electronic card,

d) transmitting the first integrity message to the second electronic card,

e) decrypting the first integrity message within the second electronic card by use of the random decryption key to obtain the first combination within the second electronic card,

f) separating the first combination within the second electronic card,

g) generating within the receiver a second version of the first compacted document of the received data by use of the common compression key,

h) decrypting the received encrypted first compacted document within the second electronic card by use of the second decryption key to obtain a first version of the first compacted document,

i) comparing the obtained results of the first and second version of the first compacted document, and in case the two versions are equal verifying the integrity of the transmission of the data from the first electronic card to the second electronic card,

j) generating within the receiver a second compacted document of the first combination by use of the common compression key,

k) encrypting the second compacted document by use of the second encryption key to obtain an encrypted second compacted document within the second electronic card,

l) combining the first combination and the encrypted second compacted document to a second combination and encrypting this second combination by use of the random encryption key to obtain a second integrity message within the second electronic card,

m) transmitting the second integrity message to the first electronic card,

n) decrypting the second integrity message within the first electronic card by use of the random decryption key to obtain the second combination within the first electronic card,

o) separating the second combination within the first electronic card,

p) generating within the transmitter a second version of the second compacted document of the received second combination by use of the common compression key,

q) decrypting the received encrypted second compacted document within the first electronic card by use of the first decryption key to obtain a first version of the second compacted document,

r) comparing the obtained results of the first and second versions of the second compacted document, and in case the two versions are equal verifying the integrity of the transmission of the data from the first electronic card to the second electronic card.
33. A method according to claim 32, wherein the previously exchanged random number has been exchanged in an authenticity verification as described in claim 31.

***** 